Vulnerability Description
A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Amp Threat Grid Appliance | < 2.5 |
| Cisco | Amp Threat Grid Cloud | < 3.5.68 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106711Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/106711Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1657?
CVE-2019-1657 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could explo...
How severe is CVE-2019-1657?
CVE-2019-1657 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1657?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Amp Threat Grid Appliance, Cisco Amp Threat Grid Cloud.