Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Networking Cloud Security The Internet Hardware

How Cisco Fixed An Undocumented SSH Support Tunnel In Umbrella ( 24

"Vulnerability due to always-on SSH Tunnel -- RESOLVED" reads a Cisco service update. An anonymous reader writes: Described by a recent security blog post, Cisco hid a SSH backdoor in its Cisco Umbrella product, which they were using for support. Affected organizations can install version 2.1.0 of their virtual appliance which has the backdoor removed.
Cisco has described Umbrella as "the first Secure Internet Gateway in the cloud," though the now-closed tunnel "auto-initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters." Cisco adds that it "did not require explicit customer approval before establishment." Access to the terminating server required valid keys and was provided only to privileged support personnel within the Cisco Umbrella network space. Customers could prevent this tunnel from getting established by blocking the relevant firewall ports. However, in the case of customers who allowed establishment of the tunnel, an attacker who obtained access to the internal Cisco terminating server could use the SSH tunnel as a backdoor to obtain full control of the VA device at the customer's premises...

It is our policy that any undocumented methods of entry into your network devices be considered a vulnerability due to the potential risk of an attacker leveraging this tunnel to gain access to your network. While Cisco has NO indications that our remote support SSH hubs have ever been compromised, Cisco has made significant changes to the behavior of the remote support tunnel capability to further secure the feature...

To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established... . For additional security, customer is required to provide tunnel configuration parameters out-of-band to the Cisco support personnel before tunnel establishment.

This discussion has been archived. No new comments can be posted.

How Cisco Fixed An Undocumented SSH Support Tunnel In Umbrella

Comments Filter:
  • by Daemonik ( 171801 ) on Monday October 02, 2017 @07:53AM (#55291203) Homepage
    Presumably the programmers who work there wrote a patch and applied it?
  • by Anonymous Coward

    In the 'Resident Evil' movies, the big evil corporation that was responsible for destroying the world was called The Umbrella Corp.


    I think not.

  • to exploit the potential exploit. If the device is a tunnel initiator only (can't be connected to), then taking advantage of it requires hacking into Cisco and taking over one of their terminating servers. If you can get that far into Cisco, why stop at waiting for Umbrellas to connect?

Marvelous! The super-user's going to boot me! What a finely tuned response to the situation!