PT-2019-2660 · Cisco · Cisco Amp For Endpoints

Publicado

2019-07-03

Atualizado

2019-10-09

CVE-2019-1932

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco AMP for Endpoints versions (affected versions not specified)

Description The issue is related to insufficient validation of dynamically loaded modules, which could allow an attacker to execute arbitrary code with the privileges of the AMP service. An authenticated, local attacker with administrator privileges can exploit this by placing a file in a specific location in the Windows filesystem.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-345

Identificadores relacionados

BDU:2019-02546

CVE-2019-1932

Produtos afetados

Cisco Amp For Endpoints

PT-2019-2660 · Cisco · Cisco Amp For Endpoints

CVE-2019-1932

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6