漏洞标题
Cisco高级端点恶意软件防护和Windows DLL劫持漏洞的Immunet防护
漏洞描述信息
Cisco终端高级恶意软件防护和Windows DLL劫持漏洞的Immunet防护
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Cisco Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking Vulnerability
漏洞描述信息
A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM privileges.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
对搜索路径元素未加控制
漏洞标题
Cisco Advanced Malware Protection 代码问题漏洞
漏洞描述信息
Cisco Advanced Malware Protection(AMP)for Endpoints for Windows是美国思科(Cisco)公司的一款基于Windows平台的端点安全解决方案。该产品主要具有高级威胁预防、监测和响应等功能。 Cisco Advanced Malware Protection 的 specific DLLs 存在代码问题漏洞,该漏洞允许经过身份验证的本地攻击者执行DLL劫持攻击。
CVSS信息
N/A
漏洞类别
代码问题