Protection mechanism failure in Cisco AMP for Endpoints - CVE-2018-0237
Published: April 23, 2018
Vulnerability identifier: #VU12093
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0237
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco AMP for Endpoints
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions.
The weakness exists in the file type detection mechanism because the software relies only on the file extension to detect DMG files. A remote attacker can send a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector and bypass configured malware detection.
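The check below is an added example, not code from Cisco or from this advisory: it identifies a DMG by content instead of by name, and flags files whose extension does not match. It assumes UDIF images, which end with a 512-byte trailer that begins with the magic `koly`; the function names and the sample files are hypothetical and constructed for the demonstration.

```python
import os
import struct
import tempfile

KOLY_SIZE = 512             # length of the UDIF trailer at the end of the file
DMG_EXTENSIONS = {".dmg"}   # assumption: the only extension treated as standard


def is_udif_dmg(path):
    """True if the file ends with a UDIF 'koly' trailer, whatever it is named."""
    if os.path.getsize(path) < KOLY_SIZE:
        return False
    with open(path, "rb") as fh:
        fh.seek(-KOLY_SIZE, os.SEEK_END)
        trailer = fh.read(KOLY_SIZE)
    # Trailer starts with: magic (4 bytes), version (u32 BE), header size (u32 BE)
    magic, _version, header_size = struct.unpack(">4sII", trailer[:12])
    return magic == b"koly" and header_size == KOLY_SIZE


def classify(path):
    """Combine content and name so a renamed DMG is still scanned as a DMG."""
    by_content = is_udif_dmg(path)
    by_name = os.path.splitext(path)[1].lower() in DMG_EXTENSIONS
    if by_content and not by_name:
        return "dmg-mismatched-extension"   # scan as DMG and raise an alert
    if by_content or by_name:
        return "dmg"
    return "other"


def demo():
    """Build constructed sample files and classify each one."""
    # Constructed trailer: 'koly', version 4, header size 512, zero padding
    trailer = (b"koly" + struct.pack(">II", 4, KOLY_SIZE)).ljust(KOLY_SIZE, b"\0")
    samples = {
        "sample.dmg": b"\0" * 1024 + trailer,   # normal name
        "sample.jpg": b"\0" * 1024 + trailer,   # same content, nonstandard name
        "notes.txt": b"plain text, not a disk image",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = classify(path)
    return results


if __name__ == "__main__":
    print(demo())
```

Raw disk images without a UDIF trailer are not recognized by the content check, which is why the extension is still consulted as a second signal.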
How to mitigate CVE-2018-0237
Install the update from the vendor's website.