cvelistv5 - CVE-2017-6679

CVE-2017-6679 (GCVE-0-2017-6679)

Vulnerability from cvelistv5 – Published: 2017-12-01 00:00 – Updated: 2024-08-05 15:33

Summary

Severity ?

No CVSS data available.

CWE

undocumented encrypted remote support tunnel

Assigner

cisco

References

URL

	Vendor	Product	Version
	n/a	Cisco Umbrella Virtual Appliance Version 2.0.3 and prior	Affected: Cisco Umbrella Virtual Appliance Version 2.0.3 and prior

CISCO-SA-UMBRELLA-TUNNEL-GJW5THGE

Vulnerability from csaf_cisco - Published: 2023-08-16 16:00 - Updated: 2023-08-16 16:00

Summary

Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability

Notes

Summary

A vulnerability in the remote support feature of Cisco Umbrella Virtual Appliance could allow an authenticated, remote attacker to obtain full control of an affected device. This vulnerability is due to an undocumented support mechanism that is present on the product. An attacker could exploit this vulnerability by obtaining privileges sufficient to access the remote support tunnel. A successful exploit could allow the attacker to access the appliance remotely and obtain full control without explicit customer approval. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Umbrella originally published this advisory in 2017 on a different site that has since been archived.

Vulnerable Products

At the time of publication, this vulnerability affected Cisco Umbrella Virtual Appliances. For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software ["#fs"] section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Details

The Cisco Umbrella Virtual Appliance releases 2.0.3 and earlier contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from customer appliances to Cisco SSH Hubs in the Umbrella data centers. These tunnels were primarily leveraged for remote support and allowed for authorized and authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, Cisco Umbrella Virtual Appliance Release 2.1.0 now requires explicit customer approval before an SSH tunnel from the virtual appliance to the Cisco terminating server can be established.

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Fixed Releases At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability that is described in this advisory and which release included the fix for this vulnerability. Cisco Umbrella Virtual Appliance Release First Fixed Release 2.0.3 and earlier 2.1.0 The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank David Coomber for reporting this vulnerability.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "Cisco would like to thank David Coomber for reporting this vulnerability."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the remote support feature of Cisco Umbrella Virtual Appliance could allow an authenticated, remote attacker to obtain full control of an affected device.\r\n\r\nThis vulnerability is due to an undocumented support mechanism that is present on the product. An attacker could exploit this vulnerability by obtaining privileges sufficient to access the remote support tunnel. A successful exploit could allow the attacker to access the appliance remotely and obtain full control without explicit customer approval.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\nCisco Umbrella originally published this advisory in 2017 on a different site that has since been archived.\r\n\r\n",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "At the time of publication, this vulnerability affected Cisco Umbrella Virtual Appliances.\r\n\r\nFor information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software [\"#fs\"] section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "The Cisco Umbrella Virtual Appliance releases 2.0.3 and earlier contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from customer appliances to Cisco SSH Hubs in the Umbrella data centers. These tunnels were primarily leveraged for remote support and allowed for authorized and authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, Cisco Umbrella Virtual Appliance Release 2.1.0 now requires explicit customer approval before an SSH tunnel from the virtual appliance to the Cisco terminating server can be established.",
        "title": "Details"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "When considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n      Fixed Releases\r\nAt the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.\r\n\r\nThe left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability that is described in this advisory and which release included the fix for this vulnerability.\r\n        Cisco Umbrella Virtual Appliance Release  First Fixed Release          2.0.3 and earlier  2.1.0\r\nThe Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "Cisco would like to thank David Coomber for reporting this vulnerability.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"
      }
    ],
    "title": "Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability",
    "tracking": {
      "current_release_date": "2023-08-16T16:00:00+00:00",
      "generator": {
        "date": "2023-08-16T15:59:50+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-umbrella-tunnel-gJw5thgE",
      "initial_release_date": "2023-08-16T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2023-08-16T15:59:34+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco Umbrella Insights Virtual Appliance",
            "product": {
              "name": "Cisco Umbrella Insights Virtual Appliance ",
              "product_id": "CSAFPID-231188"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6679",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwh07325"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-231188"
        ]
      },
      "release_date": "2023-08-16T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-231188"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-231188"
          ]
        }
      ],
      "title": "Cisco Umbrella Virtual Appliance Undocumented Support Tunnel"
    }
  ]
}

FKIE_CVE-2017-6679

Vulnerability from fkie_nvd - Published: 2017-12-01 17:29 - Updated: 2025-04-20 01:37

Severity ?

6.4 (Medium) - CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/101567	Third Party Advisory, VDB Entry
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE
psirt@cisco.com	https://support.umbrella.com/hc/en-us/articles/115004154423	Third Party Advisory
psirt@cisco.com	https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15	Third Party Advisory
psirt@cisco.com	https://www.info-sec.ca/advisories/Cisco-Umbrella.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101567	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE
af854a3a-2127-422b-91ae-364da2661108	https://support.umbrella.com/hc/en-us/articles/115004154423	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.info-sec.ca/advisories/Cisco-Umbrella.html	Third Party Advisory

Impacted products

	Vendor	Product	Version
	cisco	umbrella	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04CE73AE-5B74-4159-B36E-A6A6F22D2985",
              "versionEndIncluding": "2.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer\u0027s appliance to Cisco\u0027s SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established."
    },
    {
      "lang": "es",
      "value": "Cisco Umbrella Virtual Appliance en sus versiones 2.0.3 y anteriores conten\u00edan un t\u00fanel de soporte remoto cifrado sin documentar (SSH) que se iniciaba autom\u00e1ticamente desde la m\u00e1quina del cliente a los hubs SSH de Cisco en los CPD de Umbrella. Estos t\u00faneles se utilizaban en principio para proporcionar soporte remoto y permit\u00edan al personal autorizado/autenticado del equipo de Cisco Umbrella para que accediesen a la m\u00e1quina remotamente y obtuvieses el control total sin la aprobaci\u00f3n expl\u00edcita del cliente. Para resolver esta vulnerabilidad, la versi\u00f3n 2.1.0 de Umbrella Virtual Appliance ahora necesita la aprobaci\u00f3n expl\u00edcita del cliente antes de que se pueda establecer un t\u00fanel SSH desde la m\u00e1quina virtual al servidor destino de Cisco."
    }
  ],
  "id": "CVE-2017-6679",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-01T17:29:00.667",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101567"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.umbrella.com/hc/en-us/articles/115004154423"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.info-sec.ca/advisories/Cisco-Umbrella.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.umbrella.com/hc/en-us/articles/115004154423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.info-sec.ca/advisories/Cisco-Umbrella.html"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-X42G-FJ2G-26MM

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46

Details

Severity ?

6.4 (Medium)


                  
                    CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6679"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-01T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer\u0027s appliance to Cisco\u0027s SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.",
  "id": "GHSA-x42g-fj2g-26mm",
  "modified": "2022-05-13T01:46:44Z",
  "published": "2022-05-13T01:46:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6679"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE"
    },
    {
      "type": "WEB",
      "url": "https://support.umbrella.com/hc/en-us/articles/115004154423"
    },
    {
      "type": "WEB",
      "url": "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15"
    },
    {
      "type": "WEB",
      "url": "https://www.info-sec.ca/advisories/Cisco-Umbrella.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101567"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201712-1083

Vulnerability from variot - Updated: 2023-12-18 13:08

The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established. Cisco Umbrella Virtual appliances contain vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscoUmbrellaVirtualAppliance is a cloud-based secure Internet gateway device from Cisco. A security vulnerability exists in Cisco Umbrella VirtualAppliance 2.0.3 and earlier. This vulnerability could be exploited by a remote attacker to gain access to the device and to fully control the device. This may lead to further attacks.

Timeline

December 22, 2015 - Notified OpenDNS via security@opendns.com December 22, 2015 - OpenDNS responded stating that they will investigate January 4, 2016 - Asked for an update on their investigation January 11, 2016 - OpenDNS said they are working through a number of options to resolve the issue February 2, 2016 - OpenDNS advised they've shortlisted a couple of solutions and will provide another update in a week or so February 17, 2016 - OpenDNS said they would like to schedule a call to discuss February 24, 2016 - Had a call with OpenDNS to discuss possible solutions April 22, 2016 - Asked for an update on the progress of the fix May 3, 2016 - Asked for an update on the progress of the fix July 27, 2016 - Sent the vulnerability details to the Cisco PSIRT team July 29, 2016 - Cisco assigned a case number and asked to schedule a call to discuss August 17, 2016 - Had a call with the Cisco PSIRT team to discuss possible solutions September 26, 2016 - Asked for an update on the progress of the fix October 6, 2016 - Cisco provided a status update December 14, 2016 - Asked for an update on the progress of the fix December 19, 2016 - Cisco provided a status update January 10, 2017 - Asked for an update on the progress of the fix January 10, 2017 - Cisco provided a status update May 26, 2017 - Cisco assigned CVE-2017-6679 and advised that the issue would be made public in the next week June 2, 2017 - Cisco asked to move the disclosure date to August 31, 2017 August 30, 2017 - Cisco released virtual appliance version 2.1.0 which resolves this vulnerability by removing the undocumented reverse SSH tunnel September 21, 2017 - Cisco published a security advisory to document this issue

Solution

Upgrade to virtual appliance 2.1.0 or later

https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15

CVE-ID: CVE-2017-6679

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-1083",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "umbrella virtual appliance",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "cisco",
        "version": "2.0.3"
      },
      {
        "model": "umbrella",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.3"
      },
      {
        "model": "umbrella",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "2.0.3"
      },
      {
        "model": "umbrella virtual appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33270"
      },
      {
        "db": "BID",
        "id": "101567"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011019"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1275"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6679"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Coomber.",
    "sources": [
      {
        "db": "BID",
        "id": "101567"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1275"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6679",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.5,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Local",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-6679",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-33270",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.5,
            "id": "VHN-114882",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:H/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.5,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6679",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6679",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-33270",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-1275",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114882",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6679",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114882"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6679"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011019"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1275"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer\u0027s appliance to Cisco\u0027s SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established. Cisco Umbrella Virtual appliances contain vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscoUmbrellaVirtualAppliance is a cloud-based secure Internet gateway device from Cisco. A security vulnerability exists in Cisco Umbrella VirtualAppliance 2.0.3 and earlier. This vulnerability could be exploited by a remote attacker to gain access to the device and to fully control the device. This may lead to further attacks. \n\nTimeline\n\nDecember 22, 2015 - Notified OpenDNS via security@opendns.com\nDecember 22, 2015 - OpenDNS responded stating that they will investigate\nJanuary 4, 2016 - Asked for an update on their investigation\nJanuary 11, 2016 - OpenDNS said they are working through a number of options to resolve the issue\nFebruary 2, 2016 - OpenDNS advised they\u0027ve shortlisted a couple of solutions and will provide another update in a week or so\nFebruary 17, 2016 - OpenDNS said they would like to schedule a call to discuss\nFebruary 24, 2016 - Had a call with OpenDNS to discuss possible solutions\nApril 22, 2016 - Asked for an update on the progress of the fix\nMay 3, 2016 - Asked for an update on the progress of the fix\nJuly 27, 2016 - Sent the vulnerability details to the Cisco PSIRT team\nJuly 29, 2016 - Cisco assigned a case number and asked to schedule a call to discuss\nAugust 17, 2016 - Had a call with the Cisco PSIRT team to discuss possible solutions\nSeptember 26, 2016 - Asked for an update on the progress of the fix\nOctober 6, 2016 - Cisco provided a status update\nDecember 14, 2016 - Asked for an update on the progress of the fix\nDecember 19, 2016 - Cisco provided a status update\nJanuary 10, 2017 - Asked for an update on the progress of the fix\nJanuary 10, 2017 - Cisco provided a status update\nMay 26, 2017 - Cisco assigned CVE-2017-6679 and advised that the issue would be made public in the next week\nJune 2, 2017 - Cisco asked to move the disclosure date to August 31, 2017\nAugust 30, 2017 - Cisco released virtual appliance version 2.1.0 which resolves this vulnerability by removing the undocumented reverse SSH tunnel\nSeptember 21, 2017 - Cisco published a security advisory to document this issue\n\nSolution\n\nUpgrade to virtual appliance 2.1.0 or later\n\nhttps://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15\n\nCVE-ID: CVE-2017-6679\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6679"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011019"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-33270"
      },
      {
        "db": "BID",
        "id": "101567"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114882"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6679"
      },
      {
        "db": "PACKETSTORM",
        "id": "144723"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6679",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "101567",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011019",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1275",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-33270",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "144723",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-114882",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6679",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114882"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6679"
      },
      {
        "db": "BID",
        "id": "101567"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011019"
      },
      {
        "db": "PACKETSTORM",
        "id": "144723"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1275"
      }
    ]
  },
  "id": "VAR-201712-1083",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114882"
      }
    ],
    "trust": 0.8458333299999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33270"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:08:36.281000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "On-Demand Tech Support SSH Tunnel for Virtual Appliances",
        "trust": 0.8,
        "url": "https://support.umbrella.com/hc/en-us/articles/115004154423"
      },
      {
        "title": "Virtual Appliance - Vulnerability due to always-on SSH Tunnel - RESOLVED - 2017-09-15",
        "trust": 0.8,
        "url": "https://support.umbrella.com/hc/en-us/articles/115004752143-virtual-appliance-vulnerability-due-to-always-on-ssh-tunnel-resolved-2017-09-15"
      },
      {
        "title": "CiscoUmbrellaVirtualAppliance does not authorize access to vulnerable patches",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/105728"
      },
      {
        "title": "Cisco Umbrella Virtual Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76040"
      },
      {
        "title": "Cisco: Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-umbrella-tunnel-gjw5thge"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33270"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6679"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1275"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-254",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114882"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011019"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6679"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://support.umbrella.com/hc/en-us/articles/115004752143-virtual-appliance-vulnerability-due-to-always-on-ssh-tunnel-resolved-2017-09-15"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/101567"
      },
      {
        "trust": 1.8,
        "url": "https://support.umbrella.com/hc/en-us/articles/115004154423"
      },
      {
        "trust": 1.8,
        "url": "https://www.info-sec.ca/advisories/cisco-umbrella.html"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6679"
      },
      {
        "trust": 1.2,
        "url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-umbrella-tunnel-gjw5thge"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6679"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://umbrella.cisco.com/)"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114882"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6679"
      },
      {
        "db": "BID",
        "id": "101567"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011019"
      },
      {
        "db": "PACKETSTORM",
        "id": "144723"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1275"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114882"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6679"
      },
      {
        "db": "BID",
        "id": "101567"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011019"
      },
      {
        "db": "PACKETSTORM",
        "id": "144723"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1275"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-33270"
      },
      {
        "date": "2017-12-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114882"
      },
      {
        "date": "2017-12-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6679"
      },
      {
        "date": "2017-10-24T00:00:00",
        "db": "BID",
        "id": "101567"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011019"
      },
      {
        "date": "2017-10-24T12:22:22",
        "db": "PACKETSTORM",
        "id": "144723"
      },
      {
        "date": "2017-12-01T17:29:00.667000",
        "db": "NVD",
        "id": "CVE-2017-6679"
      },
      {
        "date": "2017-10-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-1275"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-33270"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114882"
      },
      {
        "date": "2023-08-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6679"
      },
      {
        "date": "2017-10-24T00:00:00",
        "db": "BID",
        "id": "101567"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011019"
      },
      {
        "date": "2023-08-17T19:15:09.613000",
        "db": "NVD",
        "id": "CVE-2017-6679"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-1275"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1275"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Umbrella Vulnerabilities related to security functions in virtual appliances",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011019"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1275"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-33270

Vulnerability from cnvd - Published: 2017-11-09

Title

Cisco Umbrella Virtual Appliance未授权访问漏洞

Description

Cisco Umbrella Virtual Appliance是美国思科（Cisco）公司的一款基于云的安全互联网网关设备。 Cisco Umbrella Virtual Appliance 2.0.3及之前的版本中存在安全漏洞。远程攻击者可利用该漏洞访问设备，并完全控制设备。

Severity

中

Patch Name

Cisco Umbrella Virtual Appliance未授权访问漏洞的补丁

Patch Description

Cisco Umbrella Virtual Appliance是美国思科（Cisco）公司的一款基于云的安全互联网网关设备。 Cisco Umbrella Virtual Appliance 2.0.3及之前的版本中存在安全漏洞。远程攻击者可利用该漏洞访问设备，并完全控制设备。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityResponse

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-6679

Impacted products

Name
Cisco Umbrella Virtual Appliance 2.0.3

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101567"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6679",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6679"
    }
  },
  "description": "Cisco Umbrella Virtual Appliance\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8e\u4e91\u7684\u5b89\u5168\u4e92\u8054\u7f51\u7f51\u5173\u8bbe\u5907\u3002\r\n\r\nCisco Umbrella Virtual Appliance 2.0.3\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u8bbe\u5907\uff0c\u5e76\u5b8c\u5168\u63a7\u5236\u8bbe\u5907\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityResponse",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33270",
  "openTime": "2017-11-09",
  "patchDescription": "Cisco Umbrella Virtual Appliance\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8e\u4e91\u7684\u5b89\u5168\u4e92\u8054\u7f51\u7f51\u5173\u8bbe\u5907\u3002\r\n\r\nCisco Umbrella Virtual Appliance 2.0.3\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u8bbe\u5907\uff0c\u5e76\u5b8c\u5168\u63a7\u5236\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Umbrella Virtual Appliance\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Umbrella Virtual Appliance 2.0.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-6679",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-30",
  "title": "Cisco Umbrella Virtual Appliance\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

GSD-2017-6679

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6679

Aliases

CVE-2017-6679

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6679",
    "description": "The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer\u0027s appliance to Cisco\u0027s SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.",
    "id": "GSD-2017-6679"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6679"
      ],
      "details": "The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer\u0027s appliance to Cisco\u0027s SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.",
      "id": "GSD-2017-6679",
      "modified": "2023-12-13T01:21:10.066847Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-6679",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Umbrella Virtual Appliance Version 2.0.3 and prior",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Umbrella Virtual Appliance Version 2.0.3 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer\u0027s appliance to Cisco\u0027s SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "undocumented encrypted remote support tunnel"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.info-sec.ca/advisories/Cisco-Umbrella.html",
            "refsource": "MISC",
            "url": "https://www.info-sec.ca/advisories/Cisco-Umbrella.html"
          },
          {
            "name": "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15",
            "refsource": "MISC",
            "url": "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15"
          },
          {
            "name": "101567",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101567"
          },
          {
            "name": "https://support.umbrella.com/hc/en-us/articles/115004154423",
            "refsource": "MISC",
            "url": "https://support.umbrella.com/hc/en-us/articles/115004154423"
          },
          {
            "name": "20230816 Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability",
            "refsource": "CISCO",
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6679"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer\u0027s appliance to Cisco\u0027s SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15"
            },
            {
              "name": "https://support.umbrella.com/hc/en-us/articles/115004154423",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.umbrella.com/hc/en-us/articles/115004154423"
            },
            {
              "name": "101567",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101567"
            },
            {
              "name": "https://www.info-sec.ca/advisories/Cisco-Umbrella.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.info-sec.ca/advisories/Cisco-Umbrella.html"
            },
            {
              "name": "20230816 Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability",
              "refsource": "CISCO",
              "tags": [],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 1.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.5,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-08-17T19:15Z",
      "publishedDate": "2017-12-01T17:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6679 (GCVE-0-2017-6679)

CISCO-SA-UMBRELLA-TUNNEL-GJW5THGE

FKIE_CVE-2017-6679

GHSA-X42G-FJ2G-26MM

VAR-201712-1083

CNVD-2017-33270

GSD-2017-6679

Tags

Sightings

Nomenclature