CVE-2021-1386

Published on: 04/08/2021 12:00:00 AM UTC

Last Modified on: 04/08/2021 11:26:00 AM UTC

CVE-2021-1386 - advisory for cisco-sa-amp-imm-dll-tu79hvkO

Source: Mitre
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Advanced Malware Protection For Endpoints from Cisco contain the following vulnerability:

A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system. To exploit this vulnerability, the attacker would need valid credentials on the system. The vulnerability is due to insufficient validation of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on an affected system. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.

  • CVE-2021-1386 has been assigned by [email protected] to track the vulnerability
  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory.
  • Affected Vendor/Software: Cisco - Cisco AMP for Endpoints version n/a

CVE References

| Description | Tags | Link |
|---|---|---|
| Cisco Advanced Malware Protection for Endpoints Windows Connector, ClamAV for Windows, and Immunet DLL Hijacking Vulnerability | | tools.cisco.com (text/html): CISCO 20210407 Cisco Advanced Malware Protection for Endpoints Windows Connector, ClamAV for Windows, and Immunet DLL Hijacking Vulnerability |

Related QID Numbers

  • 375443 Cisco AMP and Immunet Hijacking Vulnerability (cisco-sa-amp-imm-dll-tu79hvkO)

Known Affected Configurations (CPE V2.3)

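| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Advanced Malware Protection For Endpoints | All | All | All | All |
| Application | Cisco | Clamav | All | All | All | All |
| Application | Cisco | Immunet | All | All | All | All |
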
  • cpe:2.3:a:cisco:advanced_malware_protection_for_endpoints:*:*:*:*:*:windows:*:*:
  • cpe:2.3:a:cisco:clamav:*:*:*:*:*:windows:*:*:
  • cpe:2.3:a:cisco:immunet:*:*:*:*:*:windows:*:*:

Social Mentions

| Source | Title | Posted (UTC) |
|---|---|---|
| Twitter @CVEreport | CVE-2021-1386 : A vulnerability in the dynamic link library DLL loading mechanism in Cisco Advanced Malware Prot… twitter.com/i/web/status/1… | 2021-04-08 04:17:57 |
| Twitter @LinInfoSec | Clamav - CVE-2021-1386: tools.cisco.com/security/cente… | 2021-04-08 12:01:42 |
| Twitter @Har_sia | CVE-2021-1386 har-sia.info/CVE-2021-1386.… #HarsiaInfo | 2021-04-08 18:29:04 |