CVE-2017-12317

CVE-2017-12317

Vendor N/A
Product Cisco AMP for Endpoints
Weakness CWE-798 · Hardcoded credentials
Published October 21, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904.

Key dates

02Disclosure timeline

October 21, 2017 CVE published
August 5, 2024 Record updated