Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system.

The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy

Security Impact Rating: Medium

CVE: CVE-2020-3350


Few of the SEP clients are out of date / not getting virus definitions

I need a solution

Hello,

We use SEPM version 14 to manage our clients. Most of the time 99% of SEP clients are up to date with virus definitions. But every time we get an email stating that a few of the clients are out of date, and those clients are random, even though those clients are showing as connected to SEPM with a green icon. We usually use smc -stop and -start; in some cases it may work, otherwise we need to reboot the server. In order to avoid a reboot we use the Intelligent Updater files and resolve the problem. Do you have any idea why a few of the clients are failing to download the virus definitions? Those clients were downloading/updating definitions from SEPM without any problem. Can anyone share their experiences?

Thanks

Sujith


Registry values to check status of Norton/Symantec AntiVirus

I do not need a solution (just sharing information)

This is a general question. I am trying to find information to determine the TimeOfLastScan, PatternFileRevision and PatternFileDate etc. settings directly in the registry for Norton AntiVirus on Windows 10.

I believe most Norton AntiVirus values should be located under HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion…, but the latest Norton AntiVirus 22.19.8.65 trial version does not appear to have the same location in the Registry?

I can only see HKEY_LOCAL_MACHINE\SOFTWARE\Norton… and HKEY_LOCAL_MACHINE\SOFTWARE\Symantec…. But I cannot find the values I want to check programmatically (time of last scan, pattern file date etc.).

Have Symantec changed the design and Registry location for Norton AntiVirus at some point in the past? Or is the usual location missing because I am using the trial version?

Can someone please clarify why HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion… is no longer visible in the latest version of Norton (Symantec) AntiVirus?

Thank you.

Trevor


Comparison of every Symantec Feature with Next Gen AV

I do not need a solution (just sharing information)

Hello,

I am doing a comparison of the security features of Symantec Endpoint Protection, which is On-Prem. It is somewhat difficult to compare each element of Symantec Endpoint Protection On-Prem.

I would be comparing Symantec Endpoint Protection with Next Gen Antivirus (both EPP + EDR). Currently we are a Symantec shop only, with Endpoint Protection, not with Symantec ATP.

Could anyone help me with a proper document that has all the features of Symantec Endpoint Protection, with a description of each, so it could help me compare with Next Gen AV?

Basically it would be a topic of moving away from Traditional Antivirus and moving to Next Gen AV, but I am personally of the opinion of having Traditional Antivirus with Next Gen EDR.

Any document or reference could help me take the discussion further.
