CVE-2017-12317

6.7MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Amp For Endpoints
Vendor: CVE Published:; 22 October 2017

Summary

The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904.

Affected Version(s)

Cisco AMP for Endpoints Cisco AMP for Endpoints

References

http://www.securityfocus.com/bid/101520

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 22, 2017
Vulnerability Reserved
Aug 3, 2017