CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%
The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | advanced_malware_protection | 3.1(10) | cpe:2.3:a:cisco:advanced_malware_protection:3.1\(10\):*:*:*:*:*:*:* |
cisco | advanced_malware_protection | 3.1(15) | cpe:2.3:a:cisco:advanced_malware_protection:3.1\(15\):*:*:*:*:*:*:* |
cisco | advanced_malware_protection | 4.0(0) | cpe:2.3:a:cisco:advanced_malware_protection:4.0\(0\):*:*:*:*:*:*:* |
cisco | advanced_malware_protection | 4.0(1) | cpe:2.3:a:cisco:advanced_malware_protection:4.0\(1\):*:*:*:*:*:*:* |
cisco | advanced_malware_protection | 4.0(2) | cpe:2.3:a:cisco:advanced_malware_protection:4.0\(2\):*:*:*:*:*:*:* |
cisco | advanced_malware_protection | 4.1(0) | cpe:2.3:a:cisco:advanced_malware_protection:4.1\(0\):*:*:*:*:*:*:* |
cisco | advanced_malware_protection | 4.1(1) | cpe:2.3:a:cisco:advanced_malware_protection:4.1\(1\):*:*:*:*:*:*:* |
cisco | advanced_malware_protection | 4.1(4) | cpe:2.3:a:cisco:advanced_malware_protection:4.1\(4\):*:*:*:*:*:*:* |
cisco | advanced_malware_protection | 4.2(0) | cpe:2.3:a:cisco:advanced_malware_protection:4.2\(0\):*:*:*:*:*:*:* |
cisco | advanced_malware_protection | 4.2(1) | cpe:2.3:a:cisco:advanced_malware_protection:4.2\(1\):*:*:*:*:*:*:* |
[
{
"product": "Cisco AMP for Endpoints",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco AMP for Endpoints"
}
]
}
]
More
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%