CVE-2017-12317

The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:advanced_malware_protection:3.1\(10\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:3.1\(15\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.0\(0\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.0\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.1\(0\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.1\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.1\(4\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.2\(0\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.2\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.3\(0\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.3\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.4\(0\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.4\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.4\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:4.4\(4\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.0\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.0\(5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.0\(7\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.0\(9\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.1\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.1\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.1\(5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.1\(7\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.1\(9\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.1\(11\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:5.1\(13\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:advanced_malware_protection:6.0\(1\):*:*:*:*:*:*:*

History

21 Nov 2024, 03:09

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/101520 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/101520 - Third Party Advisory, VDB Entry
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe - Vendor Advisory

Information

Published : 2017-10-22 18:29

Updated : 2024-11-21 03:09


NVD link : CVE-2017-12317

Mitre link : CVE-2017-12317

CVE.ORG link : CVE-2017-12317


JSON object : View

Products Affected

cisco

  • advanced_malware_protection
CWE
CWE-798

Use of Hard-coded Credentials