Virsec Security Research Lab

CVE-2021-1280: Cisco Advanced Malware Protection (AMP) - DLL Hijack

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM privileges.


1.2        CVSS Score

The vendor rates this vulnerability with a CVSS base score of 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

1.3        Affected Version

All Cisco AMP for Endpoints for Windows releases earlier than Release 7.3.3

All Immunet for Windows releases earlier than Release 7.3.12

1.4        Vulnerability Attribution

This vulnerability was reported by Cisco Systems, Inc.

1.5        Risk Impact

No public exploits are available as of today.

According to this site, Cisco AMP is used mostly by top-1000 enterprises with higher revenue.

Exploiting this vulnerability could let an attacker plant a backdoor in the AMP security system and compromise the company's whole infrastructure.

1.6        Virsec Security Platform (VSP) Support:

VSP-Host can detect DLL hijack attacks. Any DLL that is not on the allowed list is blocked from loading into legitimate processes.
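The allowlist idea in 1.6, applied to the search-path weakness from 1.1, can be sketched as below. This is an added illustration, not Virsec's or Cisco's code; the process name, directories, DLL names and events are constructed placeholders, not the real AMP layout.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed allowlist: process image -> DLL paths it may load.
# Every path is a hypothetical placeholder, not the real AMP layout.
ALLOWLIST = {
    r"C:\Program Files\ExampleAV\agent.exe": [
        r"C:\Windows\System32\version.dll",
        r"C:\Windows\System32\cryptbase.dll",
        r"C:\Program Files\ExampleAV\engine.dll",
    ],
}

# Constructed module-load events: (process image, DLL path being loaded).
EVENTS = [
    (r"C:\Program Files\ExampleAV\agent.exe", r"c:\windows\SYSTEM32\Version.dll"),
    (r"C:\Program Files\ExampleAV\agent.exe", r"C:\Program Files\ExampleAV\version.dll"),
    (r"C:\Program Files\ExampleAV\agent.exe", r"C:\Users\Public\helper.dll"),
    (r"C:\Program Files\ExampleAV\agent.exe", r"C:\Program Files\ExampleAV\plugins\..\engine.dll"),
]

def norm(path):
    """Collapse '..', unify separators and case so comparisons are exact."""
    return ntpath.normcase(ntpath.normpath(path))

def build_index(allowlist):
    return {norm(p): {norm(d) for d in dlls} for p, dlls in allowlist.items()}

def check_load(process, dll_path, index):
    """Return (verdict, reason) for one module-load event."""
    allowed = index.get(norm(process))
    if allowed is None:
        return ("block", "process has no allowlist entry")
    target = norm(dll_path)
    if target in allowed:
        return ("allow", "exact path on allowlist")
    # Same file name as an allowed DLL but a different directory: the
    # pattern a planted DLL earlier in the search path produces.
    name = ntpath.basename(target)
    shadowed = sorted(p for p in allowed if ntpath.basename(p) == name)
    if shadowed:
        return ("block", "hijack candidate, shadows " + shadowed[0])
    return ("block", "DLL not on allowlist")

def triage(events, allowlist=ALLOWLIST):
    index = build_index(allowlist)
    return [check_load(proc, dll, index) for proc, dll in events]

if __name__ == "__main__":
    for event, result in zip(EVENTS, triage(EVENTS)):
        print(result, event[1])
```

Matching on the full normalised path rather than the file name alone is what separates the legitimate System32 copy from a same-named DLL sitting in the application directory.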
