CVE-2018-15452

CVE-2018-15452 is a medium-severity vulnerability in Cisco Advanced Malware Protection For Endpoints with a CVSS 3.x base score of 5.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-427.

Key facts

Description

A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion. There are no workarounds that address this vulnerability.

Frequently asked questions

What is CVE-2018-15452?
A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion. There are no workarounds that address this vulnerability.
How severe is CVE-2018-15452?
CVE-2018-15452 has a CVSS 3.x base score of 5.5, rated medium severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
Is CVE-2018-15452 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (25th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2018-15452?
CVE-2018-15452 affects Cisco Advanced Malware Protection For Endpoints. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2018-15452?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2018-15452 published?
CVE-2018-15452 was published on 2018-11-13 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Cisco Advanced Malware Protection For Endpoints

All CVEs affecting Cisco Advanced Malware Protection For Endpoints →

Other CWE-427 (Uncontrolled Search Path Element) vulnerabilities

Browse all CWE-427 (Uncontrolled Search Path Element) vulnerabilities →