PT-2018-1828 · Apple+1 · Apple macOS+1

Published: 2018-08-01 · Updated: 2019-10-09 · CVE-2018-0397

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Cisco AMP for Endpoints Mac Connector Software version installed on Apple macOS 10.12
Description: A vulnerability in the software could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The issue exists when the software is running in Block network conviction mode. Exploitation could occur if the system starts a server process and an address in the IP blacklist cache attempts to connect to the affected system. A successful exploit could allow the attacker to cause a kernel panic, resulting in a DoS condition. The vulnerability is related to resource management errors.
Recommendations: For Cisco AMP for Endpoints Mac Connector Software version installed on Apple macOS 10.12, consider disabling the Block network conviction mode as a temporary workaround until a patch is available. Restrict access to the server process to minimize the risk of exploitation. Avoid using the IP blacklist cache in the affected software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2018-01430
CVE-2018-0397

Affected Products

Apple macOS
Cisco AMP for Endpoints Mac Connector