Sign-up

ID

VAR-201811-0189


CVE

CVE-2018-15437


TITLE

Cisco Immunet and Cisco Advanced Malware Protection for Endpoints Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-014547

DESCRIPTION

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion. A local attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco bug IDs CSCvk70945, and CSCvn05551. AMP for Endpoints is a suite of endpoint applications that integrates static and dynamic malware analysis and threat intelligence

Trust: 1.98

sources: NVD: CVE-2018-15437 // JVNDB: JVNDB-2018-014547 // BID: 105867 // VULHUB: VHN-125696

AFFECTED PRODUCTS

vendor:ciscomodel:advanced malware protection for endpointsscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:immunet for endpointsscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:amp for endpointsscope: - version: -

Trust: 0.8

vendor:ciscomodel:immunet for endpointsscope: - version: -

Trust: 0.8

vendor:ciscomodel:immunetscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:amp for endpointsscope:eqversion:0

Trust: 0.3

sources: BID: 105867 // JVNDB: JVNDB-2018-014547 // NVD: CVE-2018-15437

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15437
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15437
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15437
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201811-189
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125696
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-15437
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125696
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15437
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15437
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2018-15437
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125696 // JVNDB: JVNDB-2018-014547 // CNNVD: CNNVD-201811-189 // NVD: CVE-2018-15437 // NVD: CVE-2018-15437

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-125696 // JVNDB: JVNDB-2018-014547 // NVD: CVE-2018-15437

THREAT TYPE

local

Trust: 0.9

sources: BID: 105867 // CNNVD: CNNVD-201811-189

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201811-189

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014547

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-125696

PATCH
title:cisco-sa-20181107-imm-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-imm-dos
Trust: 0.8
title:Cisco Immunet  and Cisco AMP for Endpoints Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86659
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014547 // 
            
            
            
            CNNVD: CNNVD-201811-189

EXTERNAL IDS
db:NVDid:CVE-2018-15437
Trust: 2.8
db:BIDid:105867
Trust: 2.0
db:EXPLOIT-DBid:45829
Trust: 1.7
db:JVNDBid:JVNDB-2018-014547
Trust: 0.8
db:CNNVDid:CNNVD-201811-189
Trust: 0.7
db:PACKETSTORMid:150241
Trust: 0.1
db:VULHUBid:VHN-125696
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125696 // 
            
            
            
            BID: 105867 // 
            
            
            
            JVNDB: JVNDB-2018-014547 // 
            
            
            
            CNNVD: CNNVD-201811-189 // 
            
            
            
            NVD: CVE-2018-15437

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181107-imm-dos
Trust: 2.0
url:http://www.securityfocus.com/bid/105867
Trust: 1.7
url:https://www.exploit-db.com/exploits/45829/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15437
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15437
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-125696 // 
            
            
            
            BID: 105867 // 
            
            
            
            JVNDB: JVNDB-2018-014547 // 
            
            
            
            CNNVD: CNNVD-201811-189 // 
            
            
            
            NVD: CVE-2018-15437

CREDITS
Cisco would like to thank John Page (hyp3rlinx) of ApparitionSec for reporting this vulnerability.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201811-189

SOURCES
db:VULHUBid:VHN-125696
db:BIDid:105867
db:JVNDBid:JVNDB-2018-014547
db:CNNVDid:CNNVD-201811-189
db:NVDid:CVE-2018-15437

LAST UPDATE DATE
2024-08-14T14:26:32.700000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125696date:2020-09-16T00:00:00
db:BIDid:105867date:2018-11-07T00:00:00
db:JVNDBid:JVNDB-2018-014547date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201811-189date:2020-10-22T00:00:00
db:NVDid:CVE-2018-15437date:2020-09-16T14:13:03.323

SOURCES RELEASE DATE
db:VULHUBid:VHN-125696date:2018-11-08T00:00:00
db:BIDid:105867date:2018-11-07T00:00:00
db:JVNDBid:JVNDB-2018-014547date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201811-189date:2018-11-08T00:00:00
db:NVDid:CVE-2018-15437date:2018-11-08T17:29:00.560