#VU12093 Protection mechanism failure in Cisco AMP for Endpoints - CVE-2018-0237
Published: April 23, 2018
Vulnerability identifier: #VU12093
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0237
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco AMP for Endpoints
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions.
The weakness exists in the file type detection mechanism because the software relies only on the file extension to detect DMG files. A remote attacker can send a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector and bypass configured malware detection.
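A content-based check that does not depend on the file name, as an added example (not Cisco's code and not part of the original advisory): it looks for the `koly` trailer that ends a UDIF disk image and compares the verdict with an extension-only check. The function names and both sample files are constructed for illustration, and the check assumes the common UDIF layout with the trailer in the last 512 bytes.

```python
import os
import struct
import tempfile

KOLY_MAGIC = b"koly"   # signature of the UDIF trailer
KOLY_SIZE = 512        # the trailer is the last 512 bytes of the image

def is_dmg_by_extension(path):
    """Weak check of the kind the advisory describes: file name only."""
    return path.lower().endswith(".dmg")

def is_dmg_by_content(path):
    """Content check: look for the koly trailer at the end of the file."""
    try:
        size = os.path.getsize(path)
        if size < KOLY_SIZE:
            return False
        with open(path, "rb") as fh:
            fh.seek(size - KOLY_SIZE)
            trailer = fh.read(KOLY_SIZE)
    except OSError:
        return False  # unreadable: the caller decides how to treat it
    if len(trailer) != KOLY_SIZE or trailer[:4] != KOLY_MAGIC:
        return False
    # The signature is followed by big-endian version and header-size fields.
    _version, header_size = struct.unpack(">II", trailer[4:12])
    return header_size == KOLY_SIZE

def make_constructed_image(directory, name):
    """Constructed sample: zero filler plus a minimal koly trailer."""
    trailer = (KOLY_MAGIC + struct.pack(">II", 4, KOLY_SIZE)).ljust(KOLY_SIZE, b"\x00")
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(b"\x00" * 1024 + trailer)
    return path

def demo():
    """Return (by_extension, by_content) for two constructed files."""
    with tempfile.TemporaryDirectory() as d:
        renamed = make_constructed_image(d, "invoice.bin")  # image, odd extension
        decoy = os.path.join(d, "notes.dmg")                # .dmg name, plain text
        with open(decoy, "wb") as fh:
            fh.write(b"plain text, no trailer")
        return {
            "renamed": (is_dmg_by_extension(renamed), is_dmg_by_content(renamed)),
            "decoy": (is_dmg_by_extension(decoy), is_dmg_by_content(decoy)),
        }

if __name__ == "__main__":
    print(demo())
```

The two checks disagree on both files, which is the gap a scanner closes by routing on content rather than on the name.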
Remediation
Install the update from the vendor's website.