On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP for Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software.

The vulnerability is due to the use of a static key value, stored in the application, to encrypt the connector protection password.

An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service.
Workarounds that address this vulnerability are available.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe

Security Impact Rating: Medium

CVE: CVE-2017-12317
