cnvd - cnvd-2018-09394

cnvd-2018-09394

Vulnerability from cnvd

Title: Cisco Advanced Malware Protection for Endpoints macOS Connector输入验证漏洞

Description:

Cisco Advanced Malware Protection（AMP）for Endpoints macOS Connector是美国思科（Cisco）公司的一款用于macOS设备的，防止、监测和响应高级威胁的端点安全解决方案。

Cisco AMP for Endpoints macOS Connector中的文件类型检测机制存在输入验证漏洞，该漏洞源于软件仅依靠文件扩展来检测DMG文件。远程攻击者可通过发送带有不标准扩展的DMG文件利用该漏洞绕过恶意软件的检测。

Severity: 中

Patch Name: Cisco Advanced Malware Protection for Endpoints macOS Connector输入验证漏洞的补丁

Patch Description:

Cisco AMP for Endpoints macOS Connector中的文件类型检测机制存在输入验证漏洞，该漏洞源于软件仅依靠文件扩展来检测DMG文件。远程攻击者可通过发送带有不标准扩展的DMG文件利用该漏洞绕过恶意软件的检测。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve34034

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp

Impacted products

Name
Cisco Advanced Malware Protection（AMP）for Endpoints macOS Connector

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0237",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0237"
    }
  },
  "description": "Cisco Advanced Malware Protection\uff08AMP\uff09for Endpoints macOS Connector\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8emacOS\u8bbe\u5907\u7684\uff0c\u9632\u6b62\u3001\u76d1\u6d4b\u548c\u54cd\u5e94\u9ad8\u7ea7\u5a01\u80c1\u7684\u7aef\u70b9\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco AMP for Endpoints macOS Connector\u4e2d\u7684\u6587\u4ef6\u7c7b\u578b\u68c0\u6d4b\u673a\u5236\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6f\u4ef6\u4ec5\u4f9d\u9760\u6587\u4ef6\u6269\u5c55\u6765\u68c0\u6d4bDMG\u6587\u4ef6\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5e26\u6709\u4e0d\u6807\u51c6\u6269\u5c55\u7684DMG\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u6076\u610f\u8f6f\u4ef6\u7684\u68c0\u6d4b\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCve34034",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09394",
  "openTime": "2018-05-14",
  "patchDescription": "Cisco Advanced Malware Protection\uff08AMP\uff09for Endpoints macOS Connector\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8emacOS\u8bbe\u5907\u7684\uff0c\u9632\u6b62\u3001\u76d1\u6d4b\u548c\u54cd\u5e94\u9ad8\u7ea7\u5a01\u80c1\u7684\u7aef\u70b9\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco AMP for Endpoints macOS Connector\u4e2d\u7684\u6587\u4ef6\u7c7b\u578b\u68c0\u6d4b\u673a\u5236\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6f\u4ef6\u4ec5\u4f9d\u9760\u6587\u4ef6\u6269\u5c55\u6765\u68c0\u6d4bDMG\u6587\u4ef6\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5e26\u6709\u4e0d\u6807\u51c6\u6269\u5c55\u7684DMG\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u6076\u610f\u8f6f\u4ef6\u7684\u68c0\u6d4b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Advanced Malware Protection for Endpoints macOS Connector\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Advanced Malware Protection\uff08AMP\uff09for Endpoints macOS Connector"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-10",
  "title": "Cisco Advanced Malware Protection for Endpoints macOS Connector\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e"
}

CVE-2018-0237 (GCVE-0-2018-0237)

Vulnerability from cvelistv5

Published

2018-04-19 20:00

Modified

2024-11-29 15:17

Severity ?

CWE

CWE-20

Summary

A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp	x_refsource_CONFIRM
	https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Cisco AMP for Endpoints	Version: Cisco AMP for Endpoints

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:13.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0237",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:44:28.388137Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:17:40.118Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco AMP for Endpoints",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco AMP for Endpoints"
            }
          ]
        }
      ],
      "datePublic": "2018-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-24T05:57:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0237",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco AMP for Endpoints",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco AMP for Endpoints"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp"
            },
            {
              "name": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/",
              "refsource": "MISC",
              "url": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0237",
    "datePublished": "2018-04-19T20:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:17:40.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted