CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-0437 – Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0437
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. Una vulnerabilidad en Cisco Umbrella Enterprise Roaming Client (ERC) podría permitir que un atacante local autenticado eleve privilegios a Administrator. • https://www.exploit-db.com/exploits/45339 http://www.securityfocus.com/bid/105292 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-0438 – Cisco Umbrella Enterprise Roaming Client Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0438
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. Una vulnerabilidad en Cisco Umbrella Enterprise Roaming Client (ERC) podría permitir que un atacante local autenticado eleve privilegios a Administrator. • https://www.exploit-db.com/exploits/45339 http://www.securityfocus.com/bid/105286 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-file-read • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12350
https://notcve.org/view.php?id=CVE-2017-12350
A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220. • http://www.securityfocus.com/bid/101879 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva https://www.info-sec.ca/advisories/Cisco-Umbrella-Hardcoded-Credentials.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6679
https://notcve.org/view.php?id=CVE-2017-6679
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established. Cisco Umbrella Virtual Appliance en sus versiones 2.0.3 y anteriores contenían un túnel de soporte remoto cifrado sin documentar (SSH) que se iniciaba automáticamente desde la máquina del cliente a los hubs SSH de Cisco en los CPD de Umbrella. Estos túneles se utilizaban en principio para proporcionar soporte remoto y permitían al personal autorizado/autenticado del equipo de Cisco Umbrella para que accediesen a la máquina remotamente y obtuvieses el control total sin la aprobación explícita del cliente. • http://www.securityfocus.com/bid/101567 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE https://support.umbrella.com/hc/en-us/articles/115004154423 https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15 https://www.info-sec.ca/advisories/Cisco-Umbrella.html •