Cisco Umbrella
Recent Cisco Umbrella Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2023-08-16 | Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability | August 16, 2023 |
| 2022-11-02 | Cisco Umbrella Stored Cross-Site Scripting Vulnerability | November 2, 2022 |
| 2022-04-20 | Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability | April 20, 2022 |
| 2022-04-20 | Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability | April 20, 2022 |
| 2022-02-02 | Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability | February 2, 2022 |
| 2021-11-03 | Cisco Umbrella Email Enumeration Vulnerability | November 3, 2021 |
| 2021-04-07 | Cisco Umbrella Link and CSV Formula Injection Vulnerabilities | April 7, 2021 |
By the Year
In 2024 there have been 0 vulnerabilities in Cisco Umbrella . Umbrella did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 6.75 |
| 2021 | 4 | 5.58 |
| 2020 | 2 | 5.20 |
| 2019 | 2 | 7.45 |
| 2018 | 1 | 9.10 |
It may take a day or so for new Umbrella vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cisco Umbrella Security Vulnerabilities
A vulnerability in multiple management dashboard pages of Cisco Umbrella could
CVE-2022-20969
5.4 - Medium
- November 04, 2022
A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.
XSS
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could
CVE-2022-20773
8.1 - High
- April 21, 2022
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA.
Use of Hard-coded Credentials
A vulnerability in the web-based dashboard of Cisco Umbrella could
CVE-2021-40126
4.3 - Medium
- November 04, 2021
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system.
Generation of Error Message Containing Sensitive Information
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could
CVE-2021-1474
8.6 - High
- April 08, 2021
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CSV Injection
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could
CVE-2021-1475
4.1 - Medium
- April 08, 2021
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CSV Injection
A vulnerability in the web UI of Cisco Umbrella could
CVE-2021-1350
5.3 - Medium
- January 20, 2021
A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability by sending crafted HTTPS packets at a high and sustained rate. A successful exploit could allow the attacker to negatively affect the performance of the web UI. Cisco has addressed this vulnerability.
Allocation of Resources Without Limits or Throttling
A vulnerability in the web server of Cisco Umbrella could
CVE-2020-3337
6.1 - Medium
- June 18, 2020
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.
Open Redirect
A vulnerability in the web server of Cisco Umbrella could
CVE-2020-3246
4.3 - Medium
- May 06, 2020
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.
Injection
A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could
CVE-2019-1807
8.8 - High
- May 03, 2019
A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the users credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user's browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required.
Session Fixation
A vulnerability in the URL block page of Cisco Umbrella could
CVE-2019-1792
6.1 - Medium
- April 18, 2019
A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. This vulnerability has been fixed in the current version of Cisco Umbrella. Cisco Umbrella is a cloud service.
XSS
A vulnerability in the Cisco Umbrella API could
CVE-2018-0435
9.1 - Critical
- October 05, 2018
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.
authentification
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated
CVE-2017-6679
6.4 - Medium
- December 01, 2017
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Cisco Umbrella or by Cisco? Click the Watch button to subscribe.
