CVE-2018-0237

5.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Amp For Endpoints
Vendor: CVE Published:; 19 April 2018

Summary

A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034.

Affected Version(s)

Cisco AMP for Endpoints Cisco AMP for Endpoints

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

https://wwws.nightwatchcybersecurity.com/2018/02/25/resea...

x_refsource_MISC

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 19, 2018
Vulnerability Reserved
Nov 27, 2017