Executive Summary

Title Cisco Umbrella Dashboard Session Expiration Issue
Name cisco-sa-20180316-umb First vendor Publication 2018-03-16
Vendor Cisco Last vendor Modification 2018-03-16
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores


Cisco Umbrella uses the internet infrastructure to block connections to malicious destinations before any connections to those destinations can be established. Cisco Umbrella also provides visibility into internet activity across all devices and all ports, even when users are no longer connected to the corporate network. Cisco Umbrella is configured and managed by using a browser-based interface, the Cisco Umbrella Dashboard.

On March 14, 2018, the Cisco Umbrella Dashboard was updated to enforce new default session timeout values that impact idle and absolute timeouts for all Cisco Umbrella Dashboard sessions. The session timeout values were changed in response to a report by an external researcher who was concerned about session-timer exploitation. Additionally, these changes better align with OWASP recommendations. The new values impact idle and absolute timeouts for all Cisco Umbrella Dashboard sessions. Additional Information The new timeout values for all Cisco Umbrella Dashboard sessions have been set to the following:

Idle timeout: 20 minutes Absolute timeout: 16 hours

Additional information is available on the Cisco Umbrella Announcements page at https://support.umbrella.com/hc/en-us/articles/360000384363 ["https://support.umbrella.com/hc/en-us/articles/360000384363"]. Cisco Security Procedures Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available from the Cisco Security Vulnerability Policy ["https://www.cisco.com/c/en/us/about/security-center/security-vulnerability-policy.html"]. This includes instructions for press inquiries regarding Cisco security incidents. All Cisco Security Advisories are available from https://www.cisco.com/go/psirt ["https://www.cisco.com/go/psirt"].


iQJ5BAEBAgBjBQJaq+pJXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczUXMQALLZJ9Q1zHrhIeu7jLo63aNjKlm1 5024Wqy7nowCgyoqb72HcCUTiQOkJ3S/c42Bj67/ZUd/RqxbEma77ei7L3BMkcnx /63PsezAMDAZ82ss6+EBNc3/MAwxbivX+jHlekpObsKo6y1nq2Jubd5XOn0yt271 eeNDBitLZIs6xyedsJguFynGwZJTbVWUT73iqEK+/x2/g1wsShxGRaf/us1PHb/j lhE20V+a6JkKAEIJ0aQsilCBZ0sgeT5e4+NodNaoRF2D2vCL042rml9bfqdpzbgs +05iK9HxRc5g8aLymB3fNqgpK1lus7rHtCfLIzG3MQ3lgAQbz6/1tI6ZHUx2Gipy HpKsjNVw4ZFSk4Z6Nzg2Igu04X6++MdP0Fwg2jh3KlPs1nHsDKVQUOkzBTRhNGRe XcL5J6nXK96zKtJXJSLEkxIKffRThr4W97FPL8yuToMnIC9LmE6V90KiJ1P/tNeW xG6Yovxy/n2vAJjz9vMf5aRNERqo+DX1pKeFz8eMNikt0hqOmvkI44hUAKsE9EFO v4E2MzWZY4SV/XM+jT2x5/r71OxcEIR/FnLqKWQltYVkTXZUjmi+ELnAAaGw5zVL oBrqUDlRP6qRSPj0mIBHvpv7RdrAqhkF3y1LZUvPT83xrWgZQoxOQrWlOZbxcCKq SFw9e7EdTxXNEH1q =dq8J END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

Alert History

If you want to see full details history, please login or register.
Date Informations
2018-03-16 21:18:58
  • First insertion