Information disclosure in Cisco AMP Threat Grid



Published: 2019-01-24
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2019-1657
CWE-ID: CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Cisco AMP Threat Grid
Client/Desktop applications / Other client software

Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU17204

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1657

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The vulnerability exists due to unsafe creation of API keys. A remote attacker can use the resulting insecure API key credentials to gain unauthorized access to information.

Mitigation

The vulnerability has been addressed in versions 2.5 and 3.5.68.

Vulnerable software versions

Cisco AMP Threat Grid: before 3.5.68

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-threat-grid


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


