Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-1657— Cisco AMP Threat Grid API Key Information Disclosure Vulnerability

EPSS 0.17% · P38
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-1657

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco AMP Threat Grid API Key Information Disclosure Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco AMP Threat Grid Cloud和AMP Threat Grid Appliance software 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco AMP Threat Grid是美国思科(Cisco)公司的套集成了静态和动态恶意软件分析以及威胁情报于一体的解决方案。该方案可帮助企业分析恶意软件的行为和意图、威胁的影响程度以及防御方法等。 Cisco AMP Threat Grid Cloud 3.5.68之前版本和AMP Threat Grid Appliance software 2.5之前版本中存在信任管理问题漏洞,该漏洞源于程序没有安全地创建API密钥。远程攻击者可通过使用不安全的凭证利用该漏洞访问敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco AMP Threat Grid Appliance Software n/a -

II. Public POCs for CVE-2019-1657

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-1657

登录查看更多情报信息。

Same Patch Batch · Cisco · 2019-01-24 · 14 CVEs total

CVE-2019-1652Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
CVE-2019-1653Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
CVE-2019-1655Cisco Webex Meetings Server Cross-Site Scripting Vulnerability
CVE-2019-1656Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
CVE-2019-1658Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability
CVE-2019-1668Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerability
CVE-2019-1669Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerabi
CVE-2019-1645Cisco Connected Mobile Experiences Information Disclosure Vulnerability
CVE-2019-1646Privilege Escalation Vulnerability in Cisco SD-WAN Solution
CVE-2019-1647Cisco SD-WAN Solution Unauthorized Access Vulnerability
CVE-2019-1648Cisco SD-WAN Solution Privilege Escalation Vulnerability
CVE-2019-1650Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
CVE-2019-1651Cisco SD-WAN Solution Buffer Overflow Vulnerability

IV. Related Vulnerabilities

Same vendor: Cisco
Same weakness: CWE-200

V. Comments for CVE-2019-1657

No comments yet

Leave a comment