CVE-2019-1932
MEDIUM
Cisco Advanced Malware Protection for Endpoints - Authenticated Remote Code Execution via Dynamically Loaded Module
Title source: llm
Description
A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service.
References (1)
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-amp-commandinj
Scores
CVSS v3
6.7
EPSS
0.0027
EPSS Percentile
18.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-345
Status
published
Products (1)
cisco/advanced_malware_protection_for_endpoints
6.2(3)
Published
Jul 06, 2019
Tracked Since
Feb 18, 2026