CVE-2017-6679
6.4 MEDIUMThe Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto i...
Published: 2017-12-01 · Last updated: 2026-06-22
Severity and scoring
- CVSS
- 6.4 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
| Vendor | Product |
|---|---|
| cisco | umbrella_virtual_appliance |
Description
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2017-6679
- [Other]http://www.securityfocus.com/bid/101567
- [Vendor advisory]https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE
- [Other]https://support.umbrella.com/hc/en-us/articles/115004154423
- [Other]https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15
- [Other]https://www.info-sec.ca/advisories/Cisco-Umbrella.html
- [Other]http://www.securityfocus.com/bid/101567
- [Vendor advisory]https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE
- [Other]https://support.umbrella.com/hc/en-us/articles/115004154423
- [Other]https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15
- [Other]https://www.info-sec.ca/advisories/Cisco-Umbrella.html
Related CVEs
Same vendor
- CVE-2026-20262 — A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to... (6.5 MEDIUM)
- CVE-2026-20245 — A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vM... (7.8 HIGH)
- CVE-2026-20233 — A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct... (6.1 MEDIUM)
- CVE-2026-20182 — May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the wa... (10.0 CRITICAL)
- CVE-2026-5944 — An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central (8.2 HIGH)