Cisco Closes Backdoor to Umbrella Virtual Appliances

Haythem Elmir

Cisco Umbrella is a cloud-based Secure Internet Gateway (SIG) designed to provide visibility and protection for devices on and outside the corporate network. Virtual appliances allow organizations to map internal IPs to internal Active Directory users and computers, and forward external DNS queries from the network to an Umbrella data center.

The vulnerability, discovered by David Coomber and tracked as CVE-2017-6679, is related to an undocumented SSH tunnel between the Umbrella Virtual Appliance and a terminating server in Cisco’s data centers. This encrypted channel is designed to allow Cisco support personnel to troubleshoot customer installations, and it provides unrestricted access.

In Umbrella Virtual Appliance 2.0.3 and prior versions, this tunnel is always enabled, and accessing it does not require explicit permission from the customer. A connection does, however, require valid keys that are only provided to privileged Cisco Umbrella support staff.
