ID

VAR-201804-1015


CVE

CVE-2018-0237


TITLE

Cisco Advanced Malware Protection for Endpoints input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004422

DESCRIPTION

A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034. The vendor has confirmed this vulnerability and released it as Bug ID CSCve34034. Information may be tampered with. This may aid in further attacks.

Trust: 1.98

sources: NVD: CVE-2018-0237 // JVNDB: JVNDB-2018-004422 // BID: 104505 // VULHUB: VHN-118439

AFFECTED PRODUCTS

vendor: cisco // model: advanced malware protection for endpoints // scope: eq // version: 1.4\(5\)

Trust: 1.6

vendor: cisco // model: amp for endpoints // scope: - // version: -

Trust: 0.8

vendor: cisco // model: advanced malware protection for endpoints // scope: eq // version: 0

Trust: 0.3

sources: BID: 104505 // JVNDB: JVNDB-2018-004422 // CNNVD: CNNVD-201804-1105 // NVD: CVE-2018-0237

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0237
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0237
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-1105
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118439
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0237
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118439
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0237
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-0237
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118439 // JVNDB: JVNDB-2018-004422 // CNNVD: CNNVD-201804-1105 // NVD: CVE-2018-0237

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-706

Trust: 1.1

sources: VULHUB: VHN-118439 // JVNDB: JVNDB-2018-004422 // NVD: CVE-2018-0237

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1105

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201804-1105

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004422

PATCH

title: cisco-sa-20180418-amp // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp

Trust: 0.8

sources: JVNDB: JVNDB-2018-004422

EXTERNAL IDS

db: NVD // id: CVE-2018-0237

Trust: 2.8

db: JVNDB // id: JVNDB-2018-004422

Trust: 0.8

db: CNNVD // id: CNNVD-201804-1105

Trust: 0.7

db: BID // id: 104505

Trust: 0.4

db: VULHUB // id: VHN-118439

Trust: 0.1

sources: VULHUB: VHN-118439 // BID: 104505 // JVNDB: JVNDB-2018-004422 // CNNVD: CNNVD-201804-1105 // NVD: CVE-2018-0237

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-amp

Trust: 2.0

url:https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0237

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0237

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118439 // BID: 104505 // JVNDB: JVNDB-2018-004422 // CNNVD: CNNVD-201804-1105 // NVD: CVE-2018-0237

CREDITS

Yakov Shafranovich of Nightwatch Cybersecurity Research

Trust: 0.3

sources: BID: 104505

SOURCES

db: VULHUB // id: VHN-118439
db: BID // id: 104505
db: JVNDB // id: JVNDB-2018-004422
db: CNNVD // id: CNNVD-201804-1105
db: NVD // id: CVE-2018-0237

LAST UPDATE DATE

2024-11-23T23:05:08.301000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118439 // date: 2020-09-04T00:00:00
db: BID // id: 104505 // date: 2018-04-18T00:00:00
db: JVNDB // id: JVNDB-2018-004422 // date: 2018-06-20T00:00:00
db: CNNVD // id: CNNVD-201804-1105 // date: 2020-09-07T00:00:00
db: NVD // id: CVE-2018-0237 // date: 2024-11-21T03:37:47.473

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118439 // date: 2018-04-19T00:00:00
db: BID // id: 104505 // date: 2018-04-18T00:00:00
db: JVNDB // id: JVNDB-2018-004422 // date: 2018-06-20T00:00:00
db: CNNVD // id: CNNVD-201804-1105 // date: 2018-04-19T00:00:00
db: NVD // id: CVE-2018-0237 // date: 2018-04-19T20:29:00.643