You are here
Home > Preporuke > Ranjivost Cisco AMP for Endpoints servisa

Ranjivost Cisco AMP for Endpoints servisa

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco AMP for Endpoints Static Key Vulnerability

Advisory ID: cisco-sa-20171020-ampfe

Revision: 1.0

For Public Release: 2017 October 20 21:00 GMT

Last Updated: 2017 October 20 21:00 GMT

CVE ID(s): CVE-2017-12317

CVSS Score v(3): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary
=======
On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP For Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software.

The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service.

Workarounds that address this vulnerability are available. This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZ6q4VZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkjPxAArPUpvSUHA+jGdlYj
Awo3d8qDWPOuuxIQZKyE43AGbekSUvxL6D4/CcTNOZtKHVFIbIc8g6PLs8tKKIyS
L3LB9MbLYe2bESqPqRZfesN32PnjmrE9X8EWtQVI8r8ZIZ6DEBxWAmVZ37A1DdU1
Ro7rj9uNzc2gw5P6DmXiMqaR281rT2NkPPrJMIG8bC/1juZIsKTHPHL4E6ZKv6DJ
+b7XEeYTO/SUrYw63e1Bv5ZvZEeOLdH5y6/4JfN59OIvj1xvoN5f6rsB15gt38HP
Xe2CYqGLDr9RJStteEDBYu9vPvW8Z1czFyogYlMAGRUQQLflU+hZQGZYZ2/P2TZH
MKMXqLI4pC/DGRGIko+3sTcx7nZd+2PoiCfn6D+w2VUdO+2q1/Kd2UNhc6gA7n7S
fhBnMmUBXqfVIbElQ2oHUDdnDSobEH4Y10BK2mxucOfVL11LEq4M4MeMUlTKKuda
c/4RzFtFHUtTuey8tzwywLRgOa5ZpHTs/aCziwVNemBys4MGg07E7a0rJ+QBOy3+
FhM7p9mwmqkx9lNjjzFCl/rct6DvYvlhMIBHSbP4Ac5sfZFjZE2dKoipbmv7QEHU
sH0lohhtj51TQgD+nA0joXHUxGhh1ytHzTEXMdkSeEHd2J+oG/NC/3Kns7/cWNI5
4Th+Rf/1/aa8siaw7PM/i1uxITM=
=cb8f
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa webkit2gtk

Otkriveni su sigurnosni nedostaci u programskom paketu webkit2gtk za operacijski sustav Ubuntu 16.04 LTS i 17.04. Otkriveni nedostaci potencijalnim udaljenim...

Close