Vulnerability Details : CVE-2017-12317
The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904.
Exploit prediction scoring system (EPSS) score for CVE-2017-12317
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-12317
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
6.7
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST |
CWE ids for CVE-2017-12317
-
The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2017-12317
-
http://www.securityfocus.com/bid/101520
Cisco AMP for Endpoints CVE-2017-12317 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe
Cisco AMP for Endpoints Static Key VulnerabilityVendor Advisory
Products affected by CVE-2017-12317
- cpe:2.3:a:cisco:advanced_malware_protection:3.1\(10\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.1\(4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.2\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.0\(5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.1\(13\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.1\(5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.0\(0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.1\(0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.1\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.0\(7\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.0\(9\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.1\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.1\(11\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.3\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.4\(0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.4\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.4\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.1\(9\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:6.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:3.1\(15\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.2\(0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.3\(0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:4.4\(4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.0\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.1\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection:5.1\(7\):*:*:*:*:*:*:*