var-201712-1083
Vulnerability from variot
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established. Cisco Umbrella Virtual appliances contain vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscoUmbrellaVirtualAppliance is a cloud-based secure Internet gateway device from Cisco. A security vulnerability exists in Cisco Umbrella VirtualAppliance 2.0.3 and earlier. This vulnerability could be exploited by a remote attacker to gain access to the device and to fully control the device. This may lead to further attacks.
Timeline
December 22, 2015 - Notified OpenDNS via security@opendns.com December 22, 2015 - OpenDNS responded stating that they will investigate January 4, 2016 - Asked for an update on their investigation January 11, 2016 - OpenDNS said they are working through a number of options to resolve the issue February 2, 2016 - OpenDNS advised they've shortlisted a couple of solutions and will provide another update in a week or so February 17, 2016 - OpenDNS said they would like to schedule a call to discuss February 24, 2016 - Had a call with OpenDNS to discuss possible solutions April 22, 2016 - Asked for an update on the progress of the fix May 3, 2016 - Asked for an update on the progress of the fix July 27, 2016 - Sent the vulnerability details to the Cisco PSIRT team July 29, 2016 - Cisco assigned a case number and asked to schedule a call to discuss August 17, 2016 - Had a call with the Cisco PSIRT team to discuss possible solutions September 26, 2016 - Asked for an update on the progress of the fix October 6, 2016 - Cisco provided a status update December 14, 2016 - Asked for an update on the progress of the fix December 19, 2016 - Cisco provided a status update January 10, 2017 - Asked for an update on the progress of the fix January 10, 2017 - Cisco provided a status update May 26, 2017 - Cisco assigned CVE-2017-6679 and advised that the issue would be made public in the next week June 2, 2017 - Cisco asked to move the disclosure date to August 31, 2017 August 30, 2017 - Cisco released virtual appliance version 2.1.0 which resolves this vulnerability by removing the undocumented reverse SSH tunnel September 21, 2017 - Cisco published a security advisory to document this issue
Solution
Upgrade to virtual appliance 2.1.0 or later
https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15
CVE-ID: CVE-2017-6679
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-1083",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "umbrella virtual appliance",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "2.0.3"
},
{
"model": "umbrella",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.3"
},
{
"model": "umbrella",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.0.3"
},
{
"model": "umbrella virtual appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33270"
},
{
"db": "BID",
"id": "101567"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011019"
},
{
"db": "NVD",
"id": "CVE-2017-6679"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1275"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6679"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Coomber.",
"sources": [
{
"db": "BID",
"id": "101567"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1275"
}
],
"trust": 0.9
},
"cve": "CVE-2017-6679",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-6679",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-33270",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "VHN-114882",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.4,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6679",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6679",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-33270",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-1275",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114882",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-6679",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33270"
},
{
"db": "VULHUB",
"id": "VHN-114882"
},
{
"db": "VULMON",
"id": "CVE-2017-6679"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011019"
},
{
"db": "NVD",
"id": "CVE-2017-6679"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1275"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer\u0027s appliance to Cisco\u0027s SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established. Cisco Umbrella Virtual appliances contain vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscoUmbrellaVirtualAppliance is a cloud-based secure Internet gateway device from Cisco. A security vulnerability exists in Cisco Umbrella VirtualAppliance 2.0.3 and earlier. This vulnerability could be exploited by a remote attacker to gain access to the device and to fully control the device. This may lead to further attacks. \n\nTimeline\n\nDecember 22, 2015 - Notified OpenDNS via security@opendns.com\nDecember 22, 2015 - OpenDNS responded stating that they will investigate\nJanuary 4, 2016 - Asked for an update on their investigation\nJanuary 11, 2016 - OpenDNS said they are working through a number of options to resolve the issue\nFebruary 2, 2016 - OpenDNS advised they\u0027ve shortlisted a couple of solutions and will provide another update in a week or so\nFebruary 17, 2016 - OpenDNS said they would like to schedule a call to discuss\nFebruary 24, 2016 - Had a call with OpenDNS to discuss possible solutions\nApril 22, 2016 - Asked for an update on the progress of the fix\nMay 3, 2016 - Asked for an update on the progress of the fix\nJuly 27, 2016 - Sent the vulnerability details to the Cisco PSIRT team\nJuly 29, 2016 - Cisco assigned a case number and asked to schedule a call to discuss\nAugust 17, 2016 - Had a call with the Cisco PSIRT team to discuss possible solutions\nSeptember 26, 2016 - Asked for an update on the progress of the fix\nOctober 6, 2016 - Cisco provided a status update\nDecember 14, 2016 - Asked for an update on the progress of the fix\nDecember 19, 2016 - Cisco provided a status update\nJanuary 10, 2017 - Asked for an update on the progress of the fix\nJanuary 10, 2017 - Cisco provided a status update\nMay 26, 2017 - Cisco assigned CVE-2017-6679 and advised that the issue would be made public in the next week\nJune 2, 2017 - Cisco asked to move the disclosure date to August 31, 2017\nAugust 30, 2017 - Cisco released virtual appliance version 2.1.0 which resolves this vulnerability by removing the undocumented reverse SSH tunnel\nSeptember 21, 2017 - Cisco published a security advisory to document this issue\n\nSolution\n\nUpgrade to virtual appliance 2.1.0 or later\n\nhttps://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15\n\nCVE-ID: CVE-2017-6679\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6679"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011019"
},
{
"db": "CNVD",
"id": "CNVD-2017-33270"
},
{
"db": "BID",
"id": "101567"
},
{
"db": "VULHUB",
"id": "VHN-114882"
},
{
"db": "VULMON",
"id": "CVE-2017-6679"
},
{
"db": "PACKETSTORM",
"id": "144723"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6679",
"trust": 3.6
},
{
"db": "BID",
"id": "101567",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011019",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1275",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-33270",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "144723",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114882",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-6679",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33270"
},
{
"db": "VULHUB",
"id": "VHN-114882"
},
{
"db": "VULMON",
"id": "CVE-2017-6679"
},
{
"db": "BID",
"id": "101567"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011019"
},
{
"db": "PACKETSTORM",
"id": "144723"
},
{
"db": "NVD",
"id": "CVE-2017-6679"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1275"
}
]
},
"id": "VAR-201712-1083",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33270"
},
{
"db": "VULHUB",
"id": "VHN-114882"
}
],
"trust": 0.8458333299999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33270"
}
]
},
"last_update_date": "2023-12-18T13:08:36.281000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "On-Demand Tech Support SSH Tunnel for Virtual Appliances",
"trust": 0.8,
"url": "https://support.umbrella.com/hc/en-us/articles/115004154423"
},
{
"title": "Virtual Appliance - Vulnerability due to always-on SSH Tunnel - RESOLVED - 2017-09-15",
"trust": 0.8,
"url": "https://support.umbrella.com/hc/en-us/articles/115004752143-virtual-appliance-vulnerability-due-to-always-on-ssh-tunnel-resolved-2017-09-15"
},
{
"title": "CiscoUmbrellaVirtualAppliance does not authorize access to vulnerable patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/105728"
},
{
"title": "Cisco Umbrella Virtual Appliance Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76040"
},
{
"title": "Cisco: Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-umbrella-tunnel-gjw5thge"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33270"
},
{
"db": "VULMON",
"id": "CVE-2017-6679"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011019"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1275"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114882"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011019"
},
{
"db": "NVD",
"id": "CVE-2017-6679"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://support.umbrella.com/hc/en-us/articles/115004752143-virtual-appliance-vulnerability-due-to-always-on-ssh-tunnel-resolved-2017-09-15"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/101567"
},
{
"trust": 1.8,
"url": "https://support.umbrella.com/hc/en-us/articles/115004154423"
},
{
"trust": 1.8,
"url": "https://www.info-sec.ca/advisories/cisco-umbrella.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6679"
},
{
"trust": 1.2,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-umbrella-tunnel-gjw5thge"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6679"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://umbrella.cisco.com/)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33270"
},
{
"db": "VULHUB",
"id": "VHN-114882"
},
{
"db": "VULMON",
"id": "CVE-2017-6679"
},
{
"db": "BID",
"id": "101567"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011019"
},
{
"db": "PACKETSTORM",
"id": "144723"
},
{
"db": "NVD",
"id": "CVE-2017-6679"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1275"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-33270"
},
{
"db": "VULHUB",
"id": "VHN-114882"
},
{
"db": "VULMON",
"id": "CVE-2017-6679"
},
{
"db": "BID",
"id": "101567"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011019"
},
{
"db": "PACKETSTORM",
"id": "144723"
},
{
"db": "NVD",
"id": "CVE-2017-6679"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1275"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33270"
},
{
"date": "2017-12-01T00:00:00",
"db": "VULHUB",
"id": "VHN-114882"
},
{
"date": "2017-12-01T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6679"
},
{
"date": "2017-10-24T00:00:00",
"db": "BID",
"id": "101567"
},
{
"date": "2017-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011019"
},
{
"date": "2017-10-24T12:22:22",
"db": "PACKETSTORM",
"id": "144723"
},
{
"date": "2017-12-01T17:29:00.667000",
"db": "NVD",
"id": "CVE-2017-6679"
},
{
"date": "2017-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1275"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33270"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114882"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6679"
},
{
"date": "2017-10-24T00:00:00",
"db": "BID",
"id": "101567"
},
{
"date": "2017-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011019"
},
{
"date": "2023-08-17T19:15:09.613000",
"db": "NVD",
"id": "CVE-2017-6679"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1275"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1275"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Umbrella Vulnerabilities related to security functions in virtual appliances",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011019"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1275"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.