Multiple vulnerabilities in Cisco AMP for Endpoints Mac Connector Software

1) Input validation error

EUVDB-ID: #VU28149

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-3314

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the file scan process. A remote attacker can trick a victim to open a specially crafted file and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco AMP for Endpoints Mac Connector Software: before 1.12.3.738

CPE2.3

• cpe:2.3:a:cisco_systems:cisco_amp_for_endpoints_mac_connector_software:*:*:*:*:*:*:*:*

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp4emac-dos-kfKjUGtM

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Buffer overflow

EUVDB-ID: #VU28151

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-3344

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A local user can send a specially crafted packet, trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco AMP for Endpoints Mac Connector Software: before 1.12.3.738

CPE2.3

• cpe:2.3:a:cisco_systems:cisco_amp_for_endpoints_mac_connector_software:*:*:*:*:*:*:*:*

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp4elinux-h33dkrvb

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?