On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP For Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software.
The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service.
Workarounds that address this vulnerability are available. This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | cisco_amp_for_endpoints | any | cpe:2.3:a:cisco:cisco_amp_for_endpoints:any:*:*:*:*:*:*:* |