CVE-2019-1657
Summary
| CVE | CVE-2019-1657 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-24 16:29:00 UTC |
| Updated | 2020-10-05 19:41:00 UTC |
| Description | A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Amp Threat Grid Appliance | All | All | All | All |
| Application | Cisco | Amp Threat Grid Appliance | All | All | All | All |
| Application | Cisco | Amp Threat Grid Cloud | All | All | All | All |
| Application | Cisco | Amp Threat Grid Cloud | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco AMP Threat Grid CVE-2019-1657 Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco AMP Threat Grid API Key Information Disclosure Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.