Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability
Vulnerability Description
A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sever Name Indication (SNI) extension of an HTTP request to discover the destination domain and determine if the request needs to be decrypted. An attacker could exploit this vulnerability by sending a crafted request over TLS from a client to an unknown or controlled URL. A successful exploit could allow an attacker to bypass the decryption process of Cisco Umbrella SWG and allow malicious content to be downloaded to a host on a protected network. There are workarounds that address this vulnerability.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Vulnerability Type
保护机制失效
Vulnerability Title
Cisco Umbrella 加密问题漏洞
Vulnerability Description
Cisco Umbrella是美国思科(Cisco)公司的一套云安全平台。该平台能够预防网络钓鱼、恶意软件和勒索软件等网络威胁。 Cisco Umbrella Secure Web Gateway (SWG) 中存在安全漏洞,攻击者可以通过从客户端通过 TLS 向未知或受控 URL 发送精心设计的请求来绕过 Cisco Umbrella SWG 的解密过程,并允许将恶意内容下载到受保护网络上的主机。
CVSS Information
N/A
Vulnerability Type
N/A