PT-2021-2566 · Cisco · Cisco Advanced Malware Protection For Endpoints Windows Connector

Kyriakos Economou +1 · Published 2021-04-07 · Updated 2021-04-19 · CVE-2021-1386

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cisco Advanced Malware Protection for Endpoints Windows Connector versions (affected versions not specified); ClamAV for Windows versions (affected versions not specified); Immunet versions (affected versions not specified)

Description: The issue is related to errors in the dynamic link library (DLL) loading mechanism, specifically due to insufficient validation of directory search paths at run time. This could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system. The attacker would need valid credentials on the system to exploit this issue. By placing a malicious DLL file on an affected system, an attacker could execute arbitrary code with SYSTEM privileges.

Recommendations: For Cisco Advanced Malware Protection for Endpoints Windows Connector, restrict access to the DLL loading mechanism until a patch is available. For ClamAV for Windows, consider disabling the dynamic link library loading feature as a temporary workaround until a fix is provided. For Immunet, avoid using the vulnerable DLL loading mechanism in the affected Windows system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

BDU:2021-02017
CVE-2021-1386

Affected Products

Cisco Advanced Malware Protection For Endpoints Windows Connector