A vulnerability in the Cisco Umbrella API could allow an authenticated, remote malicious user to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the malicious user to read or modify data across multiple organizations.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco umbrella |
Replace those end-of-life VPN devices, they won't be patched
Cisco has taken delivery of a bulk order for 29 Common Vulnerabilities and Exposures (CVEs) IDs. If you're running the end-of-life RV110 Wireless-N VPN firewall or RV215W Wireless-N VPN router, bad news: some of their security vulnerabilities won't be patched and there's no workaround – so it is probably time to replace them. Those are listed in one of two new critical-rated CVEs, the other of which Cisco fixed without your help. Users don't need to take any action about the now-patched authen...