Umbrella
CVE-2021-1350
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability by sending crafted HTTPS packets at a high and sustained rate. A successful exploit could allow the attacker to negatively affect the performance of the web UI. Cisco has addressed this vulnerability.
AnalysisAI
A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability by sending crafted HTTPS packets at a high and sustained rate. A successful exploit could allow the attacker to negatively affect the performance of the web UI. Cisco has addressed this vulnerability. Affected products include: Cisco Umbrella.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set resource limits, implement rate limiting, validate input sizes.
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across t
A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an au
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could all
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user t
A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cro
A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker t
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriag
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could all
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today