CVE-2018-15437

moderate-risk

Published 2018-11-08

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion.

Do I need to act?

0.73% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

45829

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Advanced Malware Protection For Endpoints

Immunet For Endpoints

Affected Vendors

Cisco

References (6)

Third Party Advisory http://www.securityfocus.com/bid/105867

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

Exploit https://www.exploit-db.com/exploits/45829/

Third Party Advisory http://www.securityfocus.com/bid/105867

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

Exploit https://www.exploit-db.com/exploits/45829/

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 9/34 · Low

Exposure 7/34 · Low