A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password.
Stopping certain critical processes could cause a denial of service (DoS) condition, and certain security features could no longer be available.

The vulnerability is due to lack of proper access controls when using systems utilities to troubleshoot certain system processes.

An attacker could exploit this vulnerability by authenticating to the application and using the system utilities to stop certain FireAMP processes.

An exploit could allow the attacker to stop certain FireAMP processes.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp
A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password.
Stopping certain critical processes could cause a denial of service (DoS) condition, and certain security features could no longer be available.

The vulnerability is due to lack of proper access controls when using systems utilities to troubleshoot certain system processes.

An attacker could exploit this vulnerability by authenticating to the application and using the system utilities to stop certain FireAMP processes.

An exploit could allow the attacker to stop certain FireAMP processes.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp

Security Impact Rating: Medium

CVE: CVE-2016-6449

Leave a Reply