CVE-2019-1657 — Vulnetix

CVE-2019-1657 PUBLISHED CVSS 4.300000190734863 MEDIUM

A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials.

EPSS 0.17% · 38.5th percentile

Risk Scores

CVSS 3.0

4.300000190734863

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.17%

38.5th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco AMP Threat Grid Appliance Software	n/a
cisco	amp_threat_grid_cloud	0
cisco	amp_threat_grid_appliance	0

Exploit Intelligence

20190123 Cisco AMP Threat Grid API Key Information Disclosure Vulnerability (circl)
106711 (circl)

Timeline

Jan 23, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
May 13, 2022 CVE Updated
Jul 3, 2022 EPSS Score

References

20190123 Cisco AMP Threat Grid API Key Information Disclosure Vulnerability vendor-advisory
106711 vdb
https://nvd.nist.gov/vuln/detail/CVE-2019-1657 advisory

Open in Interactive Console →