Cisco Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking Vulnerability

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM privileges.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

对搜索路径元素未加控制

Cisco Advanced Malware Protection 代码问题漏洞

Cisco Advanced Malware Protection（AMP）for Endpoints for Windows是美国思科（Cisco）公司的一款基于Windows平台的端点安全解决方案。该产品主要具有高级威胁预防、监测和响应等功能。 Cisco Advanced Malware Protection 的 specific DLLs 存在代码问题漏洞，该漏洞允许经过身份验证的本地攻击者执行DLL劫持攻击。

N/A

N/A