CVE-2018-0237

Severity Score

5.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034.

Una vulnerabilidad en el mecanismo de detección de tipos de archivo en Cisco Advanced Malware Protection (AMP) para Endpoints macOS Connector podría permitir que un atacante remoto no autenticado omita la detección de malware. La vulnerabilidad ocurre debido a que el software depende solo de la extensión del archivo para detectar archivos DMG. Un atacante podría explotar esta vulnerabilidad enviando un archivo DMG con una extensión no estándar a un dispositivo que ejecuta un AMP afectado para Endpoints macOS Connector. Su explotación podría permitir que el atacante omita la detección de malware configurada. Cisco Bug IDs: CSCve34034.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-04-19 CVE Published
2024-02-27 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-706: Use of Incorrectly-Resolved Name or Reference

CAPEC

References (2)

URL	Tag	Source
https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp	2020-09-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Advanced Malware Protection For Endpoints Search vendor "Cisco" for product "Advanced Malware Protection For Endpoints"				1.4\(5\) Search vendor "Cisco" for product "Advanced Malware Protection For Endpoints" and version "1.4\(5\)"		mac_os_x		Affected