CVE-2020-3314

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 53.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Advanced Malware Protection FOR Endpoints Cisco Cisco AMP FOR Endpoints

Timeline

PublishedMay 22

Latest updateMay 24

Description

A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit co…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:HExploitability: 1.8 | Impact: 4.2

Affected Packages2 packages

▶CVEListV5cisco/cisco_amp_for_endpointsn/a

▶NVDcisco/advanced_malware_protection< 1.12.3.738

🔴Vulnerability Details

GHSA

GHSA-qf9r-vh5p-wwvx: A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of loc↗2022-05-24

▶

CVEList

Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability↗2020-05-22

▶

📋Vendor Advisories

Cisco

Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability↗2020-05-20

▶