CVE-2018-0237 - Vulnerability Details - OpenCVE

A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Cisco	Advanced Malware Protection For Endpoints

Configuration 1 [-]

cpe:2.3:a:cisco:advanced_malware_protection_for_endpoints:1.4\(5\):*:*:*:*:mac_os_x:*:*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp
https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/

History

Fri, 29 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-04-19T20:00:00

Updated: 2024-11-29T15:17:40.118Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0237

Vulnrichment

Updated: 2024-08-05T03:21:13.870Z

NVD

Status : Modified

Published: 2018-04-19T20:29:00.643

Modified: 2024-11-21T03:37:47.473

Link: CVE-2018-0237

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco AMP for Endpoints", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco AMP for Endpoints"}]}], "datePublic": "2018-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-04-24T05:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp"}, {"tags": ["x_refsource_MISC"], "url": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0237", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco AMP for Endpoints", "version": {"version_data": [{"version_value": "Cisco AMP for Endpoints"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp"}, {"name": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/", "refsource": "MISC", "url": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:21:13.870Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-29T14:44:28.388137Z", "id": "CVE-2018-0237", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T15:17:40.118Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0237", "datePublished": "2018-04-19T20:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-11-29T15:17:40.118Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:21:13.870Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-0237", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-29T14:44:28.388137Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T14:45:22.688Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Cisco AMP for Endpoints", "versions": [{"status": "affected", "version": "Cisco AMP for Endpoints"}]}], "datePublic": "2018-04-19T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2018-04-24T05:57:02"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Cisco AMP for Endpoints"}]}, "product_name": "Cisco AMP for Endpoints"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp", "refsource": "CONFIRM"}, {"url": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/", "name": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-0237", "STATE": "PUBLIC", "ASSIGNER": "psirt@cisco.com"}}}}, "cveMetadata": {"cveId": "CVE-2018-0237", "state": "PUBLISHED", "dateUpdated": "2024-11-29T15:17:40.118Z", "dateReserved": "2017-11-27T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2018-04-19T20:00:00", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:advanced_malware_protection_for_endpoints:1.4\\(5\\):*:*:*:*:mac_os_x:*:*", "matchCriteriaId": "E32A7B4E-FCBA-49FD-AC46-E3F033458D60", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034."}, {"lang": "es", "value": "Una vulnerabilidad en el mecanismo de detecci\u00f3n de tipos de archivo en Cisco Advanced Malware Protection (AMP) para Endpoints macOS Connector podr\u00eda permitir que un atacante remoto no autenticado omita la detecci\u00f3n de malware. La vulnerabilidad ocurre debido a que el software depende solo de la extensi\u00f3n del archivo para detectar archivos DMG. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un archivo DMG con una extensi\u00f3n no est\u00e1ndar a un dispositivo que ejecuta un AMP afectado para Endpoints macOS Connector. Su explotaci\u00f3n podr\u00eda permitir que el atacante omita la detecci\u00f3n de malware configurada. Cisco Bug IDs: CSCve34034."}], "id": "CVE-2018-0237", "lastModified": "2024-11-21T03:37:47.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-19T20:29:00.643", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory"], "url": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://wwws.nightwatchcybersecurity.com/2018/02/25/research-compressed-files-auto-detection-on-macos/"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-706"}], "source": "nvd@nist.gov", "type": "Primary"}]}