CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1386 – Cisco Advanced Malware Protection for Endpoints Windows Connector, ClamAV for Windows, and Immunet DLL Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2021-1386
07 Apr 2021 — A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system. To exploit this vulnerability, the attacker would need valid credentials on the system. The vulnerability is due to insufficient validation of directory search paths at run time. An attacker could exploit this vulnerability by... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-imm-dll-tu79hvkO • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1280 – Cisco Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2021-1280
20 Jan 2021 — A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted syste... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-imm-dll-5PAZ3hRV • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.3EPSS: 0%CPEs: 11EXPL: 0CVE-2020-3350 – Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3350
18 Jun 2020 — A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system ... • https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3314 – Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3314
22 May 2020 — A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit could allow th... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp4emac-dos-kfKjUGtM • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3343 – Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability
https://notcve.org/view.php?id=CVE-2020-3343
22 May 2020 — A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. Una vulnerabilidad en Cisco AM... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp4elinux-h33dkrvb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3344 – Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability
https://notcve.org/view.php?id=CVE-2020-3344
22 May 2020 — A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. Una vulnerabilidad en Cisco AM... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp4elinux-h33dkrvb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1932 – Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1932
06 Jul 2019 — A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service. Una vulnerabilidad en A... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-amp-commandinj • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15452 – Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability
https://notcve.org/view.php?id=CVE-2018-15452
13 Nov 2018 — A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit thi... • http://www.securityfocus.com/bid/105759 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2018-15437 – Cisco Immunet and Cisco AMP for Endpoints System Scan Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15437
08 Nov 2018 — A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and pr... • https://packetstorm.news/files/id/150241 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0397
https://notcve.org/view.php?id=CVE-2018-0397
01 Aug 2018 — A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts... • http://www.securityfocus.com/bid/104946 • CWE-399: Resource Management Errors •