CVE-2019-1932

CVE Database · CVE-2019-1932

CVE-2019-1932

· N/AModified

CVSS v3.1

N/A

EPSS

0.27%

Published

Jul 5, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service.

Weaknesses (CWE)

CWE-345CWE-345

Affected Products (2)

cisco · advanced_malware_protection_for_endpointsvulnerable

microsoft · windows

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-amp-commandinj

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-amp-commandinj

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs