cbcvebase.

Cisco Umbrella Virtual Appliance vulnerabilities

5 known vulnerabilities affecting cisco/umbrella_virtual_appliance.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2022-20773P3HIGHCVSS 7.5fixed in 3.3.22022-04-21
CVE-2022-20773 [HIGH] CWE-321 CVE-2022-20773: A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (V A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the
nvd
CVE-2017-12350P3HIGHCVSS 8.2≤ 2.1.02017-11-16
CVE-2017-12350 [HIGH] CWE-798 CVE-2017-12350: A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authe A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by usi
nvd
CVE-2022-20922P3MEDIUMCVSS 6.5v1.5.4v1.5.5+30 more2022-11-15
CVE-2022-20922 [MEDIUM] CWE-244 CVE-2022-20922: Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detecti Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system r
nvd
CVE-2026-20246P4MEDIUMCVSS 6.0fixed in 3.8.52026-06-17
CVE-2026-20246 [MEDIUM] CWE-269 CVE-2026-20246: A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A
nvd
CVE-2017-6679P4MEDIUMCVSS 6.4fixed in 2.1.02017-12-01
CVE-2017-6679 [MEDIUM] CVE-2017-6679: The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted rem The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella tea
nvd
Cisco Umbrella Virtual Appliance vulnerabilities | cvebase