VDB

CNVD-2024-41622

CNVD-2024-41622 PUBLISHED CVSS 7.5 HIGH

Cisco Secure Endpoint(Cisco AMP for Endpoints)是美国思科(Cisco)公司的一套集成了静态和动态恶意软件分析以及威胁情报于一体的终端应用程序。 Cisco Secure Endpoint Connector for Windows 7.5.17之前、8.2.3.301191之前版本,Secure Endpoint Private Cloud 3.8.0之前版本存在缓冲区溢出漏洞,该漏洞源于扫描期间对字符串结尾值的错误检查。攻击者可利用该漏洞导致堆缓冲区过度读取在受影响的设备上造成拒绝服务。

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
CiscoCisco Secure Endpoint8.1.7.21417, 6.0.9, 6.0.7
CiscoCisco Secure Endpoint Private Cloud Administration PortalN/A
CiscoCisco Secure Endpoint Private Cloud ConsoleN/A

Timeline

  • Feb 7, 2024 CVE Published
  • Feb 7, 2024 PoC Published
  • Feb 9, 2024 PoC Published
  • Mar 1, 2024 PoC Published
  • Mar 2, 2024 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›