Cisco Umbrella Insights Virtual Appliance vulnerabilities

CVE-2023-20071 [MEDIUM] CWE-1039 CVE-2023-20071: Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could all Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP t

CVE-2023-20246 [MEDIUM] CWE-290 CVE-2023-20246: Multiple Cisco products are affected by a vulnerability in Snort access control policies that could Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability

CVE-2022-20922 [MEDIUM] CWE-244 CVE-2022-20922: Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detecti Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system r

CVE-2022-20773 [HIGH] CWE-321 CVE-2022-20773: A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (V A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the

CVE-2022-20805 [MEDIUM] CWE-693 CVE-2022-20805: A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sever Name Indication (SNI) extension of an HTTP reques

CVE-2022-20738 [CRITICAL] CWE-693 CVE-2022-20738: A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, rem A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A succ

CVE-2021-40126 [MEDIUM] CWE-210 CVE-2021-40126: A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote at A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address a

CVE-2021-1474 [HIGH] CWE-1236 CVE-2021-1474: Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisc Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1475 [MEDIUM] CWE-1236 CVE-2021-1475: Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisc Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1350 [MEDIUM] CWE-770 CVE-2021-1350: A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to n A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability by sending crafted HTTPS packets at a high and sustained rate. A successful

CVE-2017-12350 [HIGH] CWE-798 CVE-2017-12350: A vulnerability in Cisco Umbrella Insights Virtual Appliances 2 A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect