CVE-2019-1657

Cisco AMP Threat Grid API Key Information Disclosure Vulnerability

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials.

Una vulnerabilidad en Cisco AMP Threat Grid podría permitir que un atacante remoto autenticado acceda a información sensible en un sistema afectado. Esta vulnerabilidad se debe a la creación insegura de claves API. Un atacante podría explotar esta vulnerabilidad empleando credenciales inseguras para obtener acceso no autorizado al dispositivo afectado. Un exploit podría permitir al atacante obtener acceso no autorizado a información, utilizando las credenciales de la clave API.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-12-06 CVE Reserved
2019-01-24 CVE Published
2023-03-08 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (2)

URL	Tag	Source
http://www.securityfocus.com/bid/106711	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-threat-grid	2020-10-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Amp Threat Grid Appliance Search vendor "Cisco" for product "Amp Threat Grid Appliance"				< 2.5 Search vendor "Cisco" for product "Amp Threat Grid Appliance" and version " < 2.5"		-		Affected
Cisco Search vendor "Cisco"		Amp Threat Grid Cloud Search vendor "Cisco" for product "Amp Threat Grid Cloud"				< 3.5.68 Search vendor "Cisco" for product "Amp Threat Grid Cloud" and version " < 3.5.68"		-		Affected