ID

VAR-201811-0189


CVE

CVE-2018-15437


TITLE

Cisco Immunet and Cisco Advanced Malware Protection for Endpoints Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-014547

DESCRIPTION

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion. A local attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco bug IDs CSCvk70945, and CSCvn05551. AMP for Endpoints is a suite of endpoint applications that integrates static and dynamic malware analysis and threat intelligence

Trust: 1.98

sources: NVD: CVE-2018-15437 // JVNDB: JVNDB-2018-014547 // BID: 105867 // VULHUB: VHN-125696

AFFECTED PRODUCTS

vendor:ciscomodel:advanced malware protection for endpointsscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:immunet for endpointsscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:amp for endpointsscope: - version: -

Trust: 0.8

vendor:ciscomodel:immunet for endpointsscope: - version: -

Trust: 0.8

vendor:ciscomodel:immunetscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:amp for endpointsscope:eqversion:0

Trust: 0.3

sources: BID: 105867 // JVNDB: JVNDB-2018-014547 // NVD: CVE-2018-15437

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15437
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15437
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15437
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201811-189
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125696
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-15437
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125696
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15437
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15437
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2018-15437
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125696 // JVNDB: JVNDB-2018-014547 // CNNVD: CNNVD-201811-189 // NVD: CVE-2018-15437 // NVD: CVE-2018-15437

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-125696 // JVNDB: JVNDB-2018-014547 // NVD: CVE-2018-15437

THREAT TYPE

local

Trust: 0.9

sources: BID: 105867 // CNNVD: CNNVD-201811-189

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201811-189

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014547

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-125696

PATCH

title:cisco-sa-20181107-imm-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-imm-dos

Trust: 0.8

title:Cisco Immunet and Cisco AMP for Endpoints Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86659

Trust: 0.6

sources: JVNDB: JVNDB-2018-014547 // CNNVD: CNNVD-201811-189

EXTERNAL IDS

db:NVDid:CVE-2018-15437

Trust: 2.8

db:BIDid:105867

Trust: 2.0

db:EXPLOIT-DBid:45829

Trust: 1.7

db:JVNDBid:JVNDB-2018-014547

Trust: 0.8

db:CNNVDid:CNNVD-201811-189

Trust: 0.7

db:PACKETSTORMid:150241

Trust: 0.1

db:VULHUBid:VHN-125696

Trust: 0.1

sources: VULHUB: VHN-125696 // BID: 105867 // JVNDB: JVNDB-2018-014547 // CNNVD: CNNVD-201811-189 // NVD: CVE-2018-15437

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181107-imm-dos

Trust: 2.0

url:http://www.securityfocus.com/bid/105867

Trust: 1.7

url:https://www.exploit-db.com/exploits/45829/

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15437

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15437

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-125696 // BID: 105867 // JVNDB: JVNDB-2018-014547 // CNNVD: CNNVD-201811-189 // NVD: CVE-2018-15437

CREDITS

Cisco would like to thank John Page (hyp3rlinx) of ApparitionSec for reporting this vulnerability.

Trust: 0.6

sources: CNNVD: CNNVD-201811-189

SOURCES

db:VULHUBid:VHN-125696
db:BIDid:105867
db:JVNDBid:JVNDB-2018-014547
db:CNNVDid:CNNVD-201811-189
db:NVDid:CVE-2018-15437

LAST UPDATE DATE

2024-08-14T14:26:32.700000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-125696date:2020-09-16T00:00:00
db:BIDid:105867date:2018-11-07T00:00:00
db:JVNDBid:JVNDB-2018-014547date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201811-189date:2020-10-22T00:00:00
db:NVDid:CVE-2018-15437date:2020-09-16T14:13:03.323

SOURCES RELEASE DATE

db:VULHUBid:VHN-125696date:2018-11-08T00:00:00
db:BIDid:105867date:2018-11-07T00:00:00
db:JVNDBid:JVNDB-2018-014547date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201811-189date:2018-11-08T00:00:00
db:NVDid:CVE-2018-15437date:2018-11-08T17:29:00.560