You are here
Home > Preporuke > Ranjivost Cisco Umbrella API

Ranjivost Cisco Umbrella API

by - 0
  • Detalji os-a: WN7
  • Važnost: URG
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Umbrella API Unauthorized Access Vulnerability

Advisory ID: cisco-sa-20180905-umbrella-api

Revision: 1.0

For Public Release: 2018 September 5 16:00 GMT

Last Updated: 2018 September 5 16:00 GMT

CVE ID(s): CVE-2018-0435

CVSS Score v(3): 9.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

+———————————————————————

Summary

=======

A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations.

The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbkADJXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczQqIP/00bDuI5mzsTo5Z5Ln7RtuY/2hnp
k64wnDUEVBhdPSMDbgX88ut3PoKspsjdo29v+WTBuZoBIIaojJwwttDoP6d38SpM
HAlmOw/nHJdvXYZdGZ19CDwhSflC9SHO4WV6YUNGDh0n2CGLRsYuaueIqkY+poe5
GXVHHH8XLRP0ChyKy5LEttMxILay0oWW0uluGqjLJ5nZDLj+e9Kp5EcIwN2r0kw+
JhEeFXrYJ5kZxvcTYoGU42HJUoipQN8IRcQ+zO3D8mszBZ+7kAFgbTC5vvLl5qyq
GVAEFW+aGHrpBxuT80OS08NvFPN4trFd8++jBjSfKUEL/Y6CUOE592/whli2JcVM
7Da2QxcXrIDEexfYhmmeA41FP9vkZg9J9JvX4zQH/q8xUNQQQlxqmvIN/L9jjpuR
LIao/Lmo6duTIneZscnB/dsv0zFLdVNps/dQZiI9zJeMU9RL6pGuQUdaplGaNzct
FTHTkxGLtmCNwGxrh70ZeAtyH7CMtvrQAA5bqC7AtkDQyfEQw1lhAMDB5AhpLaXJ
YUpZ3MtdAqdXgvclKnNYXE3MjER0hlXOLlC4uVyuA5sKT1HK490tC8ne3pGgKLWm
Ec/Rn039/UCq9qq/ZMgob/w5n/O817aH9CAWOzGcwCalbQ9JidxN5dt6je/40Og5
1qtF1NIaMRBPluc/
=YSuG
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Ranjivost Cisco Prime Access Registrar proizvoda

Otkrivena je ranjivost upravljača TCP protokola kod Cisco Prime Access Registrar proizvoda uzrokovana pogrešnim rukovanjem dolaznih TCP SYN paketa na...

Close