VYPR

Umbrella Insights Virtual Appliance

by Cisco Systems, Inc.

CVEs (13)

  • CVE-2017-12350HigNov 16, 2017
    risk 0.53cvss 8.2epss 0.00

    A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an…

  • CVE-2017-6679MedDec 1, 2017
    risk 0.42cvss 6.4epss 0.00

    The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote…

  • CVE-2026-20246Jun 17, 2026
    risk 0.00cvss epss 0.00

    A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges…

  • CVE-2023-20246Nov 1, 2023
    risk 0.00cvss epss 0.01

    Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access…

  • CVE-2023-20071Nov 1, 2023
    risk 0.00cvss epss 0.01

    Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection…

  • CVE-2022-20922Nov 10, 2022
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected…

  • CVE-2022-20773Apr 21, 2022
    risk 0.00cvss epss 0.01

    A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this…

  • CVE-2022-20805Apr 21, 2022
    risk 0.00cvss epss 0.00

    A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption…

  • CVE-2022-20738Feb 10, 2022
    risk 0.00cvss epss 0.01

    A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this…

  • CVE-2021-40126Nov 4, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears…

  • CVE-2021-1475Apr 8, 2021
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see…

  • CVE-2021-1474Apr 8, 2021
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see…

  • CVE-2021-1350Jan 20, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability…