CVE-2021-1280

CWE-4274 documents4 sources

Severity

7.3HIGH

EPSS

0.1%

top 80.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Advanced Malware Protection FOR Endpoints Cisco Immunet Cisco Cisco AMP FOR Endpoints

Timeline

PublishedJan 20

Latest updateMay 24

Description

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the ta…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDcisco/advanced_malware_protection< 7.3.3

▶NVDcisco/immunet< 7.3.12

▶CVEListV5cisco/cisco_amp_for_endpointsn/a

🔴Vulnerability Details

GHSA

GHSA-674c-q4r5-6548: A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows↗2022-05-24

▶

CVEList

Cisco Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking Vulnerability↗2021-01-20

▶

📋Vendor Advisories

Cisco

Cisco Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking Vulnerability↗2021-01-20

▶