Details of VAR-201907-0395

ID

VAR-201907-0395

CVE

CVE-2019-1932

TITLE

Cisco Advanced Malware Protection for Endpoints Vulnerabilities related to insufficient validation of data reliability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006242

DESCRIPTION

A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service. This issue is being tracked by Cisco Bug ID CSCvp53361

Trust: 1.98

sources: NVD: CVE-2019-1932 // JVNDB: JVNDB-2019-006242 // BID: 109050 // VULHUB: VHN-151754

AFFECTED PRODUCTS

vendor:	cisco	model:	advanced malware protection for endpoints	scope:	eq	version:	6.2\(3\)	Trust: 1.0
vendor:	cisco	model:	amp for endpoints	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	advanced malware protection for endpoints 6.2.3.10807 030519	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	advanced malware protection for endpoints	scope:	eq	version:	6.2(3)	Trust: 0.3
vendor:	cisco	model:	advanced malware protection for endpoints	scope:	ne	version:	6.3.3	Trust: 0.3

sources: BID: 109050 // JVNDB: JVNDB-2019-006242 // NVD: CVE-2019-1932

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1932
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1932
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1932
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201907-219
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-151754
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1932
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-151754
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1932
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-151754 // JVNDB: JVNDB-2019-006242 // CNNVD: CNNVD-201907-219 // NVD: CVE-2019-1932 // NVD: CVE-2019-1932

PROBLEMTYPE DATA

problemtype:

CWE-345

Trust: 1.9

sources: VULHUB: VHN-151754 // JVNDB: JVNDB-2019-006242 // NVD: CVE-2019-1932

THREAT TYPE

local

Trust: 0.9

sources: BID: 109050 // CNNVD: CNNVD-201907-219

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201907-219

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006242

PATCH

title:	cisco-sa-20190703-amp-commandinj	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-amp-commandinj	Trust: 0.8
title:	Cisco Advanced Malware Protection for Endpoints for Windows Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94409	Trust: 0.6

sources: JVNDB: JVNDB-2019-006242 // CNNVD: CNNVD-201907-219

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1932	Trust: 2.8
db:	BID	id:	109050	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-006242	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.2444	Trust: 0.6
db:	CNNVD	id:	CNNVD-201907-219	Trust: 0.6
db:	VULHUB	id:	VHN-151754	Trust: 0.1

sources: VULHUB: VHN-151754 // BID: 109050 // JVNDB: JVNDB-2019-006242 // CNNVD: CNNVD-201907-219 // NVD: CVE-2019-1932

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-amp-commandinj	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1932	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1932	Trust: 0.8
url:	https://www.securityfocus.com/bid/109050	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2444/	Trust: 0.6

sources: VULHUB: VHN-151754 // BID: 109050 // JVNDB: JVNDB-2019-006242 // CNNVD: CNNVD-201907-219 // NVD: CVE-2019-1932

CREDITS

Edsel Valle of NSS Labs.

Trust: 0.9

sources: BID: 109050 // CNNVD: CNNVD-201907-219

SOURCES

db:	VULHUB	id:	VHN-151754
db:	BID	id:	109050
db:	JVNDB	id:	JVNDB-2019-006242
db:	CNNVD	id:	CNNVD-201907-219
db:	NVD	id:	CVE-2019-1932

LAST UPDATE DATE

2024-08-14T14:19:27.323000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151754	date:	2019-10-09T00:00:00
db:	BID	id:	109050	date:	2019-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-006242	date:	2019-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201907-219	date:	2019-07-16T00:00:00
db:	NVD	id:	CVE-2019-1932	date:	2019-10-09T23:48:35.800

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151754	date:	2019-07-06T00:00:00
db:	BID	id:	109050	date:	2019-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-006242	date:	2019-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201907-219	date:	2019-07-03T00:00:00
db:	NVD	id:	CVE-2019-1932	date:	2019-07-06T02:15:12.090