ID

VAR-202101-1060


CVE

CVE-2021-1280


TITLE

Uncontrolled Search Path Element Vulnerability in Cisco Advanced Malware Protection for Endpoints and Immunet for Windows

Trust: 0.8

sources: JVNDB: JVNDB-2021-002787

DESCRIPTION

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM privileges.

Trust: 1.8

sources: NVD: CVE-2021-1280 // JVNDB: JVNDB-2021-002787 // VULHUB: VHN-374334 // VULMON: CVE-2021-1280

AFFECTED PRODUCTS

vendor: cisco, model: immunet, scope: lt, version: 7.3.12

Trust: 1.0

vendor: cisco, model: advanced malware protection for endpoints, scope: lt, version: 7.3.3

Trust: 1.0

vendor: Cisco Systems, model: cisco advanced malware protection for endpoints, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco immunet, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002787 // NVD: CVE-2021-1280

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1280
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1280
value: HIGH

Trust: 1.0

NVD: CVE-2021-1280
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-1537
value: HIGH

Trust: 0.6

VULHUB: VHN-374334
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1280
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1280
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374334
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1280
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1280
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-1280
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374334 // VULMON: CVE-2021-1280 // JVNDB: JVNDB-2021-002787 // CNNVD: CNNVD-202101-1537 // NVD: CVE-2021-1280 // NVD: CVE-2021-1280

PROBLEMTYPE DATA

problemtype: CWE-427

Trust: 1.1

problemtype: Uncontrolled search path elements (CWE-427) [Other]

Trust: 0.8

sources: VULHUB: VHN-374334 // JVNDB: JVNDB-2021-002787 // NVD: CVE-2021-1280

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1537

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202101-1537

PATCH

title: cisco-sa-amp-imm-dll-5PAZ3hRV
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-imm-dll-5PAZ3hRV

Trust: 0.8

title: Cisco Advanced Malware Protection Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139926

Trust: 0.6

title: Cisco: Cisco Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-amp-imm-dll-5PAZ3hRV

Trust: 0.1

sources: VULMON: CVE-2021-1280 // JVNDB: JVNDB-2021-002787 // CNNVD: CNNVD-202101-1537

EXTERNAL IDS

db: NVD, id: CVE-2021-1280

Trust: 2.6

db: JVNDB, id: JVNDB-2021-002787

Trust: 0.8

db: AUSCERT, id: ESB-2021.0245

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1537

Trust: 0.6

db: VULHUB, id: VHN-374334

Trust: 0.1

db: VULMON, id: CVE-2021-1280

Trust: 0.1

sources: VULHUB: VHN-374334 // VULMON: CVE-2021-1280 // JVNDB: JVNDB-2021-002787 // CNNVD: CNNVD-202101-1537 // NVD: CVE-2021-1280

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-amp-imm-dll-5paz3hrv

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2021-1280

Trust: 1.4

url: https://www.auscert.org.au/bulletins/esb-2021.0245/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/427.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374334 // VULMON: CVE-2021-1280 // JVNDB: JVNDB-2021-002787 // CNNVD: CNNVD-202101-1537 // NVD: CVE-2021-1280

SOURCES

db: VULHUB, id: VHN-374334
db: VULMON, id: CVE-2021-1280
db: JVNDB, id: JVNDB-2021-002787
db: CNNVD, id: CNNVD-202101-1537
db: NVD, id: CVE-2021-1280

LAST UPDATE DATE

2024-08-14T14:56:06.221000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374334, date: 2021-01-28T00:00:00
db: VULMON, id: CVE-2021-1280, date: 2021-01-28T00:00:00
db: JVNDB, id: JVNDB-2021-002787, date: 2021-10-01T08:56:00
db: CNNVD, id: CNNVD-202101-1537, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-1280, date: 2023-11-07T03:27:51.670

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374334, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1280, date: 2021-01-20T00:00:00
db: JVNDB, id: JVNDB-2021-002787, date: 2021-10-01T00:00:00
db: CNNVD, id: CNNVD-202101-1537, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1280, date: 2021-01-20T20:15:16.330