CVE-2018-15437

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/105867	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-imm-dos	Vendor Advisory
https://www.exploit-db.com/exploits/45829/	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:advanced_malware_protection_for_endpoints:-:::::::*
	cpe:2.3:a:cisco:immunet_for_endpoints:-:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-11-08 17:29

Updated : 2024-02-04 20:03

NVD link : CVE-2018-15437

Mitre link : CVE-2018-15437

CVE.ORG link : CVE-2018-15437

JSON object : View

Products Affected

cisco

immunet_for_endpoints
advanced_malware_protection_for_endpoints

microsoft

windows

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2018-15437", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-11-08T17:29:00.560", "references": [{"url": "http://www.securityfocus.com/bid/105867", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-imm-dos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://www.exploit-db.com/exploits/45829/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion."}, {"lang": "es", "value": "Una vulnerabilidad en el componente de escaneo de sistemas Cisco Immunet y Cisco Advanced Malware Protection (AMP) for Endpoints que se ejecuten en Microsoft Windows podr\u00eda permitir que un atacante local deshabilite la funcionalidad de escaneo del producto. Esto podr\u00eda permitir que los archivos ejecutables se lancen en el sistema sin que se analicen en busca de amenazas. Esta vulnerabilidad se debe a la manipulaci\u00f3n incorrecta de los recursos de los procesos. Un atacante podr\u00eda explotar esta vulnerabilidad obteniendo acceso local a un sistema que se ejecute en Microsoft Windows y que est\u00e9 protegido por Cisco Immunet o Cisco AMP for Endpoints y ejecutando un archivo malicioso. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante evite que los servicios de escaneo funcionen correctamente y finalmente evitar que el sistema est\u00e9 protegido contra futuras intrusiones."}], "lastModified": "2020-09-16T14:13:03.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:advanced_malware_protection_for_endpoints:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EE173FA-23EB-4046-8FE3-1C136713F44C"}, {"criteria": "cpe:2.3:a:cisco:immunet_for_endpoints:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C12B9E16-1154-4A68-8043-7F87991D31B5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}