CVE-2017-6679

Description

The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.

6.4
CVSS
Severity: Medium
CVSS 3.0 •
CVSS 2.0 •
EPSS 0.10%
Vendor Advisory cisco.com
Affected: n/a Cisco Umbrella Virtual Appliance Version 2.0.3 and prior
Published at:
Updated at:

References

Link Tags
https://www.info-sec.ca/advisories/Cisco-Umbrella.html third party advisory
https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15 third party advisory
http://www.securityfocus.com/bid/101567 vdb entry third party advisory
https://support.umbrella.com/hc/en-us/articles/115004154423 third party advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE vendor advisory

Frequently Asked Questions

What is the severity of CVE-2017-6679?
CVE-2017-6679 has been scored as a medium severity vulnerability.
How to fix CVE-2017-6679?
To fix CVE-2017-6679, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2017-6679 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2017-6679 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2017-6679?
CVE-2017-6679 affects n/a Cisco Umbrella Virtual Appliance Version 2.0.3 and prior.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.