dataendure-banner.jpg

DataEndure Blog

Security

Security Advisory: Cisco Umbrella Enterprise Roaming Client Privilege Escalation Vulnerability

Shahin Pirooz | Sep 10, 2018 2:27:26 PM

Situation
Two high-severity vulnerabilities were found within the Cisco Umbrella platform.

Problem

Within the Cisco umbrella platform, the Umbrella Roaming Client runs as System on startup and consumes several files within a directory.  It has been discovered that local users had the ability to write data to this directory. As a result, malicious files could be placed within the directory and ran to create or elevate user permissions.

Implication 
An attacker could gain full administrative privileges on the system and the ability to take full control of the machine.

Need
To address the issue, users need to update their Cisco Umbrella platforms and make sure:

  • Cisco Umbrella ERC is at least version 2.1.127 or later
  • The roaming client is at least version 4.6.1098 or later.

Read More
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-file-read

 

Sign-up for DataEndure’s Free Vulnerability Assessment