ID

VAR-201811-0188


CVE

CVE-2018-15452


TITLE

Uncontrolled search path element vulnerability in Cisco Advanced Malware Protection for Endpoints

Trust: 0.8

sources: JVNDB: JVNDB-2018-014548

DESCRIPTION

A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion. There are no workarounds that address this vulnerability.

Cisco Advanced Malware Protection is prone to a local arbitrary code execution vulnerability. A local attacker can leverage this issue to execute arbitrary code with administrative system privileges.

Cisco Advanced Malware Protection (AMP) for Endpoints for Windows is Cisco's endpoint security solution for the Windows platform. Its main functions include advanced threat prevention, monitoring and response.

Trust: 1.98

sources: NVD: CVE-2018-15452 // JVNDB: JVNDB-2018-014548 // BID: 105759 // VULHUB: VHN-125713

AFFECTED PRODUCTS

vendor: cisco, model: advanced malware protection for endpoints, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: amp for endpoints, scope: -, version: -

Trust: 0.8

vendor: cisco, model: amp for endpoints, scope: eq, version: 6.1(7)

Trust: 0.3

sources: BID: 105759 // JVNDB: JVNDB-2018-014548 // NVD: CVE-2018-15452

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15452
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15452
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15452
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-1568
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125713
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15452
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125713
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15452
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2018-15452
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-125713 // JVNDB: JVNDB-2018-014548 // CNNVD: CNNVD-201810-1568 // NVD: CVE-2018-15452 // NVD: CVE-2018-15452

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.9

sources: VULHUB: VHN-125713 // JVNDB: JVNDB-2018-014548 // NVD: CVE-2018-15452

THREAT TYPE

local

Trust: 0.9

sources: BID: 105759 // CNNVD: CNNVD-201810-1568

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-1568

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014548

PATCH

title: cisco-sa-20181029-amp-dll, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181029-amp-dll

Trust: 0.8

title: Fix for the DLL loading component security vulnerability in Cisco Advanced Malware Protection for Endpoints for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86538

Trust: 0.6

sources: JVNDB: JVNDB-2018-014548 // CNNVD: CNNVD-201810-1568

EXTERNAL IDS

db: NVD, id: CVE-2018-15452

Trust: 2.8

db: BID, id: 105759

Trust: 2.0

db: JVNDB, id: JVNDB-2018-014548

Trust: 0.8

db: CNNVD, id: CNNVD-201810-1568

Trust: 0.7

db: VULHUB, id: VHN-125713

Trust: 0.1

sources: VULHUB: VHN-125713 // BID: 105759 // JVNDB: JVNDB-2018-014548 // CNNVD: CNNVD-201810-1568 // NVD: CVE-2018-15452

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181029-amp-dll

Trust: 2.0

url:http://www.securityfocus.com/bid/105759

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15452

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15452

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-125713 // BID: 105759 // JVNDB: JVNDB-2018-014548 // CNNVD: CNNVD-201810-1568 // NVD: CVE-2018-15452

CREDITS

Cisco

Trust: 0.3

sources: BID: 105759

SOURCES

db: VULHUB, id: VHN-125713
db: BID, id: 105759
db: JVNDB, id: JVNDB-2018-014548
db: CNNVD, id: CNNVD-201810-1568
db: NVD, id: CVE-2018-15452

LAST UPDATE DATE

2024-08-14T15:02:31.587000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125713, date: 2019-10-09T00:00:00
db: BID, id: 105759, date: 2018-10-29T00:00:00
db: JVNDB, id: JVNDB-2018-014548, date: 2019-03-26T00:00:00
db: CNNVD, id: CNNVD-201810-1568, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-15452, date: 2019-10-09T23:35:39.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125713, date: 2018-11-13T00:00:00
db: BID, id: 105759, date: 2018-10-29T00:00:00
db: JVNDB, id: JVNDB-2018-014548, date: 2019-03-26T00:00:00
db: CNNVD, id: CNNVD-201810-1568, date: 2018-11-02T00:00:00
db: NVD, id: CVE-2018-15452, date: 2018-11-13T14:29:00.230