CVE-2018-15437

MEDIUM

Cisco Immunet & AMP for Endpoints - Resource Consumption in System Scanning

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-15437. PoCs published by hyp3rlinx.

AI-analyzed exploit summary: This exploit demonstrates a denial-of-service (DoS) vulnerability in Cisco Immunet and Cisco AMP for Endpoints by creating a named pipe with improper security descriptors, leading to a NULL DACL that disables scanning functionality.

Description

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion.

Exploits (1)

exploitdb WORKING POC VERIFIED
by hyp3rlinx · cdoswindows
https://www.exploit-db.com/exploits/45829

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Cisco Immunet < v6.2.0 and Cisco AMP For Endpoints v6.2.0
No auth needed
Prerequisites: Local access to a Windows system running vulnerable Cisco Immunet or AMP for Endpoints
devstral-2 · analyzed Feb 16, 2026

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105867
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45829/

Scores

CVSS v3 5.5
EPSS 0.0073
EPSS Percentile 73.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-400
Status published
Products (2)
cisco/advanced_malware_protection_for_endpoints
cisco/immunet_for_endpoints
Published Nov 08, 2018
Tracked Since Feb 18, 2026