CVE-2017-6679
CVE-2017-6679 is a medium-severity vulnerability in Cisco Umbrella Virtual Appliance with a CVSS 3.x base score of 6.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 6.4)
- CVSS v2: 6.0
- EPSS exploit prediction: 0% (28th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Cisco Umbrella Virtual Appliance
- Published:
- Last modified:
Description
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.
Frequently asked questions
- What is CVE-2017-6679?
- The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.
- How severe is CVE-2017-6679?
- CVE-2017-6679 has a CVSS 3.x base score of 6.4, rated medium severity. It is exploitable over local access with high attack complexity, requires high privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2017-6679 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (28th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2017-6679?
- CVE-2017-6679 affects Cisco Umbrella Virtual Appliance. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2017-6679?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2017-6679 published?
- CVE-2017-6679 was published on 2017-12-01 and last updated on 2026-06-22.
References
- http://www.securityfocus.com/bid/101567
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE
- https://support.umbrella.com/hc/en-us/articles/115004154423
- https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15
- https://www.info-sec.ca/advisories/Cisco-Umbrella.html
Affected products (1)
- cpe:2.3:a:cisco:umbrella_virtual_appliance:*:*:*:*:*:*:*:*
More vulnerabilities in Cisco Umbrella Virtual Appliance
- CVE-2017-12350 — High (CVSS 8.2): A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local…
- CVE-2022-20773 — High (CVSS 7.5): A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an…
- CVE-2026-20246 — Medium (CVSS 6.0): A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to…
- CVE-2022-20922 — Medium (CVSS 5.8): Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on…