CVE-2018-15452: Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability
First published: Tue Nov 13 2018(Updated: )
A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion. There are no workarounds that address this vulnerability.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Advanced Malware Protection | ||
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-15452?
CVE-2018-15452 has been assigned a moderate severity rating due to its potential to disrupt security scanning services.
How do I fix CVE-2018-15452?
To remediate CVE-2018-15452, ensure that you update Cisco Advanced Malware Protection (AMP) for Endpoints to the latest version provided by Cisco.
Who is affected by CVE-2018-15452?
CVE-2018-15452 affects authenticated local users on systems running vulnerable versions of Cisco Advanced Malware Protection (AMP) for Endpoints.
What can an attacker do by exploiting CVE-2018-15452?
An attacker exploiting CVE-2018-15452 can disable system scanning services and hinder detection of unauthorized intrusions on the affected system.
Is Microsoft Windows vulnerable to CVE-2018-15452?
Microsoft Windows itself is not directly vulnerable to CVE-2018-15452, but it is the platform on which the vulnerable Cisco AMP for Endpoints runs.
- agent/references
- agent/type
- agent/author
- agent/weakness
- agent/title
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco advanced malware protection
- vendor/microsoft
- canonical/microsoft windows operating system