VDB
CNVD-2024-41622
CNVD-2024-41622
PUBLISHED
CVSS 7.5 HIGH
Cisco Secure Endpoint(Cisco AMP for Endpoints)是美国思科(Cisco)公司的一套集成了静态和动态恶意软件分析以及威胁情报于一体的终端应用程序。 Cisco Secure Endpoint Connector for Windows 7.5.17之前、8.2.3.301191之前版本,Secure Endpoint Private Cloud 3.8.0之前版本存在缓冲区溢出漏洞,该漏洞源于扫描期间对字符串结尾值的错误检查。攻击者可利用该漏洞导致堆缓冲区过度读取在受影响的设备上造成拒绝服务。
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Secure Endpoint | 8.1.7.21417, 6.0.9, 6.0.7 |
| Cisco | Cisco Secure Endpoint Private Cloud Administration Portal | N/A |
| Cisco | Cisco Secure Endpoint Private Cloud Console | N/A |
Exploit Intelligence
- CIRCL seen: CVE-2024-20290 (circl-sighting)
- CIRCL seen: CVE-2024-20290 (circl-sighting)
- CIRCL seen: CVE-2024-20290 (circl-sighting)
- CIRCL seen: CVE-2024-20290 (circl-sighting)
- cisco-sa-clamav-hDffu6t (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/ (circl)
Timeline
- Feb 7, 2024 CVE Published
- Feb 7, 2024 PoC Published
- Feb 9, 2024 PoC Published
- Mar 1, 2024 PoC Published
- Mar 2, 2024 PoC Published