Vulnerability identifier: #VU17204
Vulnerability risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco AMP Threat Grid
Client/Desktop applications /
Other client software
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.
The vulnerability exists due to unsafe creation of API keys. A remote attacker can use insecure credentials to gain unauthorized access to information by using the API key credentials.
Mitigation
The vulnerability has been addressed in the versions 2.5, 3.5.68.
Vulnerable software versions
Cisco AMP Threat Grid: All versions
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-threat-grid
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.