Executive Summary
| Summary | |
|---|---|
| Title | Cisco Umbrella Dashboard Session Expiration Issue |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20180316-umb | First vendor Publication | 2018-03-16 |
| Vendor | Cisco | Last vendor Modification | 2018-03-16 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cisco Umbrella uses the internet infrastructure to block connections to malicious destinations before any connections to those destinations can be established. Cisco Umbrella also provides visibility into internet activity across all devices and all ports, even when users are no longer connected to the corporate network. Cisco Umbrella is configured and managed by using a browser-based interface, the Cisco Umbrella Dashboard. On March 14, 2018, the Cisco Umbrella Dashboard was updated to enforce new default session timeout values that impact idle and absolute timeouts for all Cisco Umbrella Dashboard sessions. The session timeout values were changed in response to a report by an external researcher who was concerned about session-timer exploitation. Additionally, these changes better align with OWASP recommendations. The new values impact idle and absolute timeouts for all Cisco Umbrella Dashboard sessions. Additional Information The new timeout values for all Cisco Umbrella Dashboard sessions have been set to the following: Idle timeout: 20 minutes Absolute timeout: 16 hours Additional information is available on the Cisco Umbrella Announcements page at https://support.umbrella.com/hc/en-us/articles/360000384363 ["https://support.umbrella.com/hc/en-us/articles/360000384363"]. Cisco Security Procedures Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available from the Cisco Security Vulnerability Policy ["https://www.cisco.com/c/en/us/about/security-center/security-vulnerability-policy.html"]. This includes instructions for press inquiries regarding Cisco security incidents. All Cisco Security Advisories are available from https://www.cisco.com/go/psirt ["https://www.cisco.com/go/psirt"]. BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJaq+pJXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczUXMQALLZJ9Q1zHrhIeu7jLo63aNjKlm1 5024Wqy7nowCgyoqb72HcCUTiQOkJ3S/c42Bj67/ZUd/RqxbEma77ei7L3BMkcnx /63PsezAMDAZ82ss6+EBNc3/MAwxbivX+jHlekpObsKo6y1nq2Jubd5XOn0yt271 eeNDBitLZIs6xyedsJguFynGwZJTbVWUT73iqEK+/x2/g1wsShxGRaf/us1PHb/j lhE20V+a6JkKAEIJ0aQsilCBZ0sgeT5e4+NodNaoRF2D2vCL042rml9bfqdpzbgs +05iK9HxRc5g8aLymB3fNqgpK1lus7rHtCfLIzG3MQ3lgAQbz6/1tI6ZHUx2Gipy HpKsjNVw4ZFSk4Z6Nzg2Igu04X6++MdP0Fwg2jh3KlPs1nHsDKVQUOkzBTRhNGRe XcL5J6nXK96zKtJXJSLEkxIKffRThr4W97FPL8yuToMnIC9LmE6V90KiJ1P/tNeW xG6Yovxy/n2vAJjz9vMf5aRNERqo+DX1pKeFz8eMNikt0hqOmvkI44hUAKsE9EFO v4E2MzWZY4SV/XM+jT2x5/r71OxcEIR/FnLqKWQltYVkTXZUjmi+ELnAAaGw5zVL oBrqUDlRP6qRSPj0mIBHvpv7RdrAqhkF3y1LZUvPT83xrWgZQoxOQrWlOZbxcCKq SFw9e7EdTxXNEH1q =dq8J END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
Alert History
| Date | Informations |
|---|---|
| 2018-03-16 21:18:58 |
|
