Cisco AMP for Endpoints Static Key Vulnerability

by CIRT Team

Description:  On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP for Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software.

Impact: The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. This vulnerability affects Cisco AMP for Endpoints for Windows Operating Systems.

Mitigation: Administrators may disable administrative privileges on the Windows machines that have Cisco AMP for Endpoints installed. For information about fixed software releases, consult with vendor.

Reference URL’s:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts