ID

VAR-201907-0395


CVE

CVE-2019-1932


TITLE

Cisco Advanced Malware Protection for Endpoints Vulnerabilities related to insufficient validation of data reliability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006242

DESCRIPTION

A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service. This issue is being tracked by Cisco Bug ID CSCvp53361.

Trust: 1.98

sources: NVD: CVE-2019-1932 // JVNDB: JVNDB-2019-006242 // BID: 109050 // VULHUB: VHN-151754

AFFECTED PRODUCTS

vendor: cisco, model: advanced malware protection for endpoints, scope: eq, version: 6.2(3)

Trust: 1.0

vendor: cisco, model: amp for endpoints, scope: -, version: -

Trust: 0.8

vendor: cisco, model: advanced malware protection for endpoints 6.2.3.10807 030519, scope: -, version: -

Trust: 0.3

vendor: cisco, model: advanced malware protection for endpoints, scope: eq, version: 6.2(3)

Trust: 0.3

vendor: cisco, model: advanced malware protection for endpoints, scope: ne, version: 6.3.3

Trust: 0.3

sources: BID: 109050 // JVNDB: JVNDB-2019-006242 // NVD: CVE-2019-1932

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-1932
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1932
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1932
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201907-219
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151754
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-1932
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151754
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-1932
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-151754 // JVNDB: JVNDB-2019-006242 // CNNVD: CNNVD-201907-219 // NVD: CVE-2019-1932 // NVD: CVE-2019-1932

PROBLEMTYPE DATA

problemtype: CWE-345

Trust: 1.9

sources: VULHUB: VHN-151754 // JVNDB: JVNDB-2019-006242 // NVD: CVE-2019-1932

THREAT TYPE

local

Trust: 0.9

sources: BID: 109050 // CNNVD: CNNVD-201907-219

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201907-219

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006242

PATCH

title: cisco-sa-20190703-amp-commandinj
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-amp-commandinj

Trust: 0.8

title: Cisco Advanced Malware Protection for Endpoints for Windows Fixes for command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94409

Trust: 0.6

sources: JVNDB: JVNDB-2019-006242 // CNNVD: CNNVD-201907-219

EXTERNAL IDS

db: NVD, id: CVE-2019-1932

Trust: 2.8

db: BID, id: 109050

Trust: 1.0

db: JVNDB, id: JVNDB-2019-006242

Trust: 0.8

db: AUSCERT, id: ESB-2019.2444

Trust: 0.6

db: CNNVD, id: CNNVD-201907-219

Trust: 0.6

db: VULHUB, id: VHN-151754

Trust: 0.1

sources: VULHUB: VHN-151754 // BID: 109050 // JVNDB: JVNDB-2019-006242 // CNNVD: CNNVD-201907-219 // NVD: CVE-2019-1932

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-amp-commandinj

Trust: 2.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-1932

Trust: 1.4

url: http://www.cisco.com/

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1932

Trust: 0.8

url: https://www.securityfocus.com/bid/109050

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2019.2444/

Trust: 0.6

sources: VULHUB: VHN-151754 // BID: 109050 // JVNDB: JVNDB-2019-006242 // CNNVD: CNNVD-201907-219 // NVD: CVE-2019-1932

CREDITS

Edsel Valle of NSS Labs.

Trust: 0.9

sources: BID: 109050 // CNNVD: CNNVD-201907-219

SOURCES

db: VULHUB, id: VHN-151754
db: BID, id: 109050
db: JVNDB, id: JVNDB-2019-006242
db: CNNVD, id: CNNVD-201907-219
db: NVD, id: CVE-2019-1932

LAST UPDATE DATE

2024-08-14T14:19:27.323000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151754, date: 2019-10-09T00:00:00
db: BID, id: 109050, date: 2019-07-03T00:00:00
db: JVNDB, id: JVNDB-2019-006242, date: 2019-07-17T00:00:00
db: CNNVD, id: CNNVD-201907-219, date: 2019-07-16T00:00:00
db: NVD, id: CVE-2019-1932, date: 2019-10-09T23:48:35.800

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151754, date: 2019-07-06T00:00:00
db: BID, id: 109050, date: 2019-07-03T00:00:00
db: JVNDB, id: JVNDB-2019-006242, date: 2019-07-17T00:00:00
db: CNNVD, id: CNNVD-201907-219, date: 2019-07-03T00:00:00
db: NVD, id: CVE-2019-1932, date: 2019-07-06T02:15:12.090