Produkt Umbrella (...) - CVEMAP.ORG

Podatności dla 'Umbrella'

2021-11-04

CVE-2021-40126

CWE-209

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system.

2020-06-18

CVE-2020-3337

CWE-601

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.

2020-05-06

CVE-2020-3246

CWE-74

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.

2019-05-03

CVE-2019-1807

CWE-384

A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the users credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user's browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required.

2019-04-17

CVE-2019-1792

CWE-79

A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. This vulnerability has been fixed in the current version of Cisco Umbrella. Cisco Umbrella is a cloud service.

2018-10-05

CVE-2018-0435

CWE-287

A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.

2017-12-01

CVE-2017-6679

CWE-noinfo

The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.

>>> Vendor: Cisco 1880 Produkty

Cisco 7xx routers

Catalyst 12xx supervisor software

Catalyst 29xx supervisor software

Catalyst 5xxx supervisor software

Resource manager

Pix private link

Catalyst 2900 vlan

System controller 3640

Voice gateway as5800

Gigabit switch router 12008

Gigabit switch router 12012

Gigabit switch router 12016

Catalyst 3500 xl

Virtual central office 4000

Secure access control server

Content services switch

Cisco 6xx routers

Broadband operating system

Pix firewall 515

Pix firewall 520

Content services switch 11050

Content services switch 11150

Content services switch 11800

Vpn 3000 concentrator

Vpn 3005 concentrator

Vpn 3015 concentrator

Vpn 3030 concentator

Vpn 3060 concentrator

Vpn 3080 concentrator

Content services switch 11000

Catalyst 6000 intrusion detection system module

Secure intrusion detection system

Catalyst 2900xl

Catalyst 2948g-l3

Catalyst 3500xl

Catalyst 4908g-l3

Distributed director

Sn 5420 storage router

Pix firewall manager

Content distribution manager 4630

Content distribution manager 4650

Cache engine 505

Cache engine 550

Cache engine 570

Content router 4430

Vpn 500 concentrator

Voip phone cp-7940

Voip phone cp-7910

Voip phone cp-7960

Ids device manager

Zobacz wszystkie produkty dla producenta Cisco

Copyright 2024, cxsecurity.com