cisco-sa-20171020-ampfe

Cisco AMP for Endpoints Static Key Vulnerability

cisco-sa-20171020-ampfe · Medium · Published 8 years ago · Updated 8 years ago

On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP For Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Workarounds that address this vulnerability are available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe

Cisco advisory ·CSAF JSON

Workarounds

Administrators may disable administrative privileges on the Windows machines that have Cisco AMP for Endpoints installed.

CVEs	CVE-2017-12317
Cisco Bug IDs	CSCvg42904
CVSS Score	Base 6.7 Base 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source	Cisco AMP for Endpoints, Cisco Secure Endpoint

Related Products

Product	CVE	Evidence
Cisco Secure Endpoint	CVE-2017-12317	Cisco OpenVuln
Cisco AMP for Endpoints	CVE-2017-12317	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco AMP for Endpoints Static Key Vulnerability

Workarounds

Related Products