Cisco Umbrella vulnerabilities

CVE-2022-20969 [MEDIUM] CWE-79 CVE-2022-20969: A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticate A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the w

CVE-2022-20773 [HIGH] CWE-321 CVE-2022-20773: A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (V A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the

CVE-2017-6679 [MEDIUM] CVE-2017-6679: The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted rem The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella tea