Vulnerabilities > CVE-2019-1657 - Credentials Management vulnerability in Cisco AMP Threat Grid Appliance and AMP Threat Grid Cloud

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cisco

CWE-255

NVD

Published: 2019-01-24

Updated: 2019-10-09

Summary

A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco AMP Threat Grid Appliance 1.0 Cisco AMP Threat Grid Appliance 1.1 Cisco AMP Threat Grid Appliance 1.2 Cisco AMP Threat Grid Appliance 1.2.1 Cisco AMP Threat Grid Appliance 1.3 Cisco AMP Threat Grid Appliance 1.4 Cisco AMP Threat Grid Appliance 1.4.1 Cisco AMP Threat Grid Appliance 1.4.2 Cisco AMP Threat Grid Appliance 1.4.3 Cisco AMP Threat Grid Appliance 1.4.4 Cisco AMP Threat Grid Appliance 1.4.5 Cisco AMP Threat Grid Appliance 1.4.6 Cisco AMP Threat Grid Appliance 2.0 Cisco AMP Threat Grid Appliance 2.0.1 Cisco AMP Threat Grid Appliance 2.0.2 Cisco AMP Threat Grid Appliance 2.0.3 Cisco AMP Threat Grid Appliance 2.0.4 Cisco AMP Threat Grid Appliance 2.1 Cisco AMP Threat Grid Cloud *	19

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References