Denial of service in Cisco Immunet

Published: 2018-11-08 15:47:11
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-15437
CVSSv3 4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID CWE-20
Exploitation vector Local
Public exploit Not available
Vulnerable software Cisco Immunet
Vulnerable software versions Cisco Immunet -
Vendor URL Cisco Systems, Inc

Security Advisory

1) Improper input validation

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists in the system scanning component due to improper process resource handling. A local attacker on a system running Microsoft Windows, execute a malicious file to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion.

Remediation

Update to version 6.2.0.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-imm-dos

Back to List