Cisco Umbrella 仮想アプライアンスにおけるセキュリティ機能に関する脆弱性
| Title |
Cisco Umbrella 仮想アプライアンスにおけるセキュリティ機能に関する脆弱性
|
| Summary |
Cisco Umbrella 仮想アプライアンスには、セキュリティ機能に関する脆弱性が存在します。
|
| Possible impacts |
情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
Sept. 15, 2017, midnight |
| Registration Date |
Dec. 28, 2017, 3:33 p.m. |
| Last Update |
Dec. 28, 2017, 3:33 p.m. |
|
CVSS3.0 : 警告
|
| Score |
6.4
|
| Vector |
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
|
CVSS2.0 : 警告
|
| Score |
6
|
| Vector |
AV:L/AC:H/Au:S/C:C/I:C/A:C |
Affected System
| シスコシステムズ |
|
Cisco Umbrella 仮想アプライアンス 2.0.3
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 0 |
[2017年12月28日]
掲載 |
Feb. 17, 2018, 10:37 a.m. |
NVD Vulnerability Information
CVE-2017-6679
| Summary |
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.
|
| Publication Date |
Dec. 2, 2017, 2:29 a.m. |
| Registration Date |
Jan. 26, 2021, 1:27 p.m. |
| Last Update |
Nov. 21, 2024, 12:30 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:* |
|
2.0.3 |
|
|
Related information, measures and tools
Common Vulnerabilities List