—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Umbrella API Unauthorized Access Vulnerability
Advisory ID: cisco-sa-20180905-umbrella-api
Revision: 1.0
For Public Release: 2018 September 5 16:00 GMT
Last Updated: 2018 September 5 16:00 GMT
CVE ID(s): CVE-2018-0435
CVSS Score v(3): 9.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
+———————————————————————
Summary
=======
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations.
The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbkADJXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczQqIP/00bDuI5mzsTo5Z5Ln7RtuY/2hnp
k64wnDUEVBhdPSMDbgX88ut3PoKspsjdo29v+WTBuZoBIIaojJwwttDoP6d38SpM
HAlmOw/nHJdvXYZdGZ19CDwhSflC9SHO4WV6YUNGDh0n2CGLRsYuaueIqkY+poe5
GXVHHH8XLRP0ChyKy5LEttMxILay0oWW0uluGqjLJ5nZDLj+e9Kp5EcIwN2r0kw+
JhEeFXrYJ5kZxvcTYoGU42HJUoipQN8IRcQ+zO3D8mszBZ+7kAFgbTC5vvLl5qyq
GVAEFW+aGHrpBxuT80OS08NvFPN4trFd8++jBjSfKUEL/Y6CUOE592/whli2JcVM
7Da2QxcXrIDEexfYhmmeA41FP9vkZg9J9JvX4zQH/q8xUNQQQlxqmvIN/L9jjpuR
LIao/Lmo6duTIneZscnB/dsv0zFLdVNps/dQZiI9zJeMU9RL6pGuQUdaplGaNzct
FTHTkxGLtmCNwGxrh70ZeAtyH7CMtvrQAA5bqC7AtkDQyfEQw1lhAMDB5AhpLaXJ
YUpZ3MtdAqdXgvclKnNYXE3MjER0hlXOLlC4uVyuA5sKT1HK490tC8ne3pGgKLWm
Ec/Rn039/UCq9qq/ZMgob/w5n/O817aH9CAWOzGcwCalbQ9JidxN5dt6je/40Og5
1qtF1NIaMRBPluc/
=YSuG
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com