QSearchQSearch

CVE-2017-6679

6.4 MEDIUM

The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto i...

Published: 2017-12-01 · Last updated: 2026-06-22

Severity and scoring

CVSS
6.4 MEDIUM
Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

VendorProduct
ciscoumbrella_virtual_appliance

Description

The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-20262 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to... (6.5 MEDIUM)
  • CVE-2026-20245 A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vM... (7.8 HIGH)
  • CVE-2026-20233 A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct... (6.1 MEDIUM)
  • CVE-2026-20182 May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the wa... (10.0 CRITICAL)
  • CVE-2026-5944 An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central (8.2 HIGH)