cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-20246,https://securityvulnerability.io/vulnerability/CVE-2023-20246,Access Control Bypass Vulnerability in Cisco Products,"A vulnerability exists in Cisco's Snort access control policies that can be exploited by an unauthenticated remote attacker. This flaw results from a logic error during the population of access control policies, allowing the attacker to bypass existing rules configured on affected Cisco devices. By establishing a connection to these devices, an attacker could effectively circumvent security measures in place, posing a significant risk to network integrity and data protection.",Cisco,"Cisco Firepower Threat Defense Software,Cisco Umbrella Insights Virtual Appliance",5.8,MEDIUM,0.0008900000248104334,false,,false,false,true,2024-09-06T17:15:03.000Z,,false,false,,2023-11-01T18:15:00.000Z,0
CVE-2023-20071,https://securityvulnerability.io/vulnerability/CVE-2023-20071,Vulnerability in Snort Detection Engine Affects Cisco Products,"A vulnerability exists within the FTP module of Cisco's Snort detection engine, which enables unauthenticated, remote attackers to potentially bypass established security policies on affected systems. By sending specifically crafted FTP traffic, attackers can exploit this flaw to evade FTP inspections and potentially deliver malicious payloads. This poses a significant risk to network integrity, allowing unauthorized access and potentially harmful activities.",Cisco,"Cisco Firepower Threat Defense Software,Cisco Umbrella Insights Virtual Appliance,Cisco Cyber Vision,Cisco UTD SNORT IPS Engine Software",5.8,MEDIUM,0.0009500000160187483,false,,false,false,false,,,false,false,,2023-11-01T18:15:00.000Z,0
CVE-2022-20922,https://securityvulnerability.io/vulnerability/CVE-2022-20922,Multiple Vulnerabilities in Cisco's Snort Detection Engine Affecting SMB2 Traffic,"Multiple vulnerabilities within the Server Message Block Version 2 (SMB2) processing capabilities of Cisco's Snort detection engine could be exploited by an unauthenticated remote attacker. By sending a high volume of specific SMB2 packets, attackers can disrupt the service by forcing the Snort process to reload, leading to a denial of service (DoS) condition. Furthermore, if the Snort preserve-connection option is enabled—default for Snort 3—attackers may also bypass existing security policies, allowing malicious payloads to infiltrate the protected network.",Cisco,"Cisco Firepower Threat Defense Software,Cisco Umbrella Insights Virtual Appliance,Cisco Cyber Vision",5.8,MEDIUM,0.001290000043809414,false,,false,false,true,2024-08-03T03:15:47.000Z,,false,false,,2022-11-15T21:15:00.000Z,0
CVE-2022-20969,https://securityvulnerability.io/vulnerability/CVE-2022-20969,Cross-Site Scripting Flaw in Cisco Umbrella Management Dashboard,"A cross-site scripting vulnerability exists in the management dashboard pages of Cisco Umbrella, allowing an authenticated remote attacker to submit unsanitized input. By exploiting this weakness, the attacker can execute arbitrary JavaScript code in the context of the dashboard interface. This may lead to the execution of malicious scripts or unauthorized access to sensitive information stored in the user's browser. Users of Cisco Umbrella are urged to remain cautious of potentially harmful links and ensure that they are using the latest security updates to mitigate this risk.",Cisco,Cisco Umbrella Dashboard,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-03T03:15:49.000Z,,false,false,,2022-11-04T18:15:00.000Z,0
CVE-2022-20805,https://securityvulnerability.io/vulnerability/CVE-2022-20805,Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability,"A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Server Name Indication (SNI) extension of an HTTP request to discover the destination domain and determine if the request needs to be decrypted. An attacker could exploit this vulnerability by sending a crafted request over TLS from a client to an unknown or controlled URL. A successful exploit could allow an attacker to bypass the decryption process of Cisco Umbrella SWG and allow malicious content to be downloaded to a host on a protected network. There are workarounds that address this vulnerability.",Cisco,Cisco Umbrella Insights Virtual Appliance,4.1,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-04-21T19:15:00.000Z,0
CVE-2022-20773,https://securityvulnerability.io/vulnerability/CVE-2022-20773,Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability,"A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA.",Cisco,Cisco Umbrella Insights Virtual Appliance,7.5,HIGH,0.002050000010058284,false,,false,false,true,2024-08-03T03:15:40.000Z,,false,false,,2022-04-21T19:15:00.000Z,0
CVE-2022-20738,https://securityvulnerability.io/vulnerability/CVE-2022-20738,Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability,"A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload.",Cisco,Cisco Umbrella Insights Virtual Appliance,5.8,MEDIUM,0.003160000080242753,false,,false,false,true,2024-08-03T03:15:39.000Z,,false,false,,2022-02-10T18:15:00.000Z,0
CVE-2021-40126,https://securityvulnerability.io/vulnerability/CVE-2021-40126,Cisco Umbrella Email Enumeration Vulnerability,"A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system.",Cisco,Cisco Umbrella Insights Virtual Appliance,4.3,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-08-04T03:16:55.000Z,,false,false,,2021-11-04T16:15:00.000Z,0
CVE-2021-1474,https://securityvulnerability.io/vulnerability/CVE-2021-1474,Cisco Umbrella Link and CSV Formula Injection Vulnerabilities,"Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Umbrella Insights Virtual Appliance,6.5,MEDIUM,0.0008699999889358878,false,,false,false,true,2024-08-03T17:15:57.000Z,,false,false,,2021-04-08T04:15:00.000Z,0
CVE-2021-1475,https://securityvulnerability.io/vulnerability/CVE-2021-1475,Cisco Umbrella Link and CSV Formula Injection Vulnerabilities,"Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Umbrella Insights Virtual Appliance,6.5,MEDIUM,0.0007099999929778278,false,,false,false,true,2024-08-03T17:15:57.000Z,,false,false,,2021-04-08T04:15:00.000Z,0
CVE-2021-1350,https://securityvulnerability.io/vulnerability/CVE-2021-1350,Cisco Umbrella Dashboard Packet Flood Vulnerability,"A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability by sending crafted HTTPS packets at a high and sustained rate. A successful exploit could allow the attacker to negatively affect the performance of the web UI. Cisco has addressed this vulnerability.",Cisco,Cisco Umbrella Insights Virtual Appliance,5.3,MEDIUM,0.0009899999713525176,false,,false,false,true,2024-08-03T17:15:51.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2019-16000,https://securityvulnerability.io/vulnerability/CVE-2019-16000,Cisco Umbrella Roaming Client for Windows Install Vulnerability,"A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications.",Cisco,Cisco Umbrella Enterprise Roaming Client For Windows,4.4,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-05T02:15:47.000Z,,false,false,,2020-09-23T01:15:00.000Z,0
CVE-2020-3337,https://securityvulnerability.io/vulnerability/CVE-2020-3337,Cisco Umbrella Open Redirect Vulnerability,"A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.",Cisco,Cisco Umbrella,4.7,MEDIUM,0.0008699999889358878,false,,false,false,true,2024-08-04T08:16:35.000Z,,false,false,,2020-06-18T03:15:00.000Z,0
CVE-2020-3246,https://securityvulnerability.io/vulnerability/CVE-2020-3246,Cisco Umbrella Carriage Return Line Feed Injection Vulnerability,"A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.",Cisco,Cisco Umbrella,4.7,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-05-06T00:00:00.000Z,0
CVE-2019-1807,https://securityvulnerability.io/vulnerability/CVE-2019-1807,Cisco Umbrella Dashboard Session Management Vulnerability,"A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the user's credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user's browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required.",Cisco,Cisco Umbrella,7.6,HIGH,0.0036100000143051147,false,,false,false,true,2024-08-04T19:16:11.000Z,,false,false,,2019-05-03T17:29:00.000Z,0
CVE-2019-1792,https://securityvulnerability.io/vulnerability/CVE-2019-1792,Cisco Umbrella Cross-Site Scripting Vulnerability,"A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. This vulnerability has been fixed in the current version of Cisco Umbrella. Cisco Umbrella is a cloud service.",Cisco,Cisco Umbrella,6.1,MEDIUM,0.000699999975040555,false,,false,false,true,2024-08-04T19:16:10.000Z,,false,false,,2019-04-18T01:29:00.000Z,0
CVE-2018-0435,https://securityvulnerability.io/vulnerability/CVE-2018-0435,Cisco Umbrella API Unauthorized Access Vulnerability,"A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.",Cisco,Cisco Umbrella,9.1,CRITICAL,0.0008399999933317304,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2018-0438,https://securityvulnerability.io/vulnerability/CVE-2018-0438,Cisco Umbrella Enterprise Roaming Client Privilege Escalation Vulnerability,"A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.",Cisco,Cisco Umbrella,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2018-0437,https://securityvulnerability.io/vulnerability/CVE-2018-0437,Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability,"A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.",Cisco,Cisco Umbrella,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2017-6679,https://securityvulnerability.io/vulnerability/CVE-2017-6679,,"The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.",Cisco,Cisco Umbrella Virtual Appliance Version 2.0.3 And Prior,6.4,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2017-12-01T00:00:00.000Z,0
CVE-2017-12350,https://securityvulnerability.io/vulnerability/CVE-2017-12350,,"A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220.",Cisco,Cisco Umbrella Insights Virtual Appliance,8.2,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-11-16T07:00:00.000Z,0