CVE-2019-1657

EPSS 0.17%
Veröffentlicht 24.01.2019 16:29:00
Zuletzt bearbeitet 21.11.2024 04:37:01
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Amp Threat Grid Appliance Version < 2.5

Cisco ≫ Amp Threat Grid Cloud Version < 3.5.68

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.353

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
psirt@cisco.com	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/106711

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-threat-grid

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1657

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1657

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1657

EUVD