PT-2019-2050 · Cisco · Cisco Umbrella Dashboard

Muhammad Shahzaib · Published 2019-05-01 · Updated 2019-10-09 · CVE-2019-1807

CVSS v2.0: 8.7 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions

Cisco Umbrella Dashboard (affected versions not specified)

Description

A vulnerability in the session management functionality of the Cisco Umbrella Dashboard's web UI could allow an authenticated, remote attacker to access the Dashboard via an active user session. This issue arises because the application fails to invalidate an existing session when a user's credentials are changed via another authenticated session. An attacker could exploit this by using a separate, authenticated, active session to connect to the application through the web UI, potentially maintaining access to the dashboard via an authenticated user's browser session.

Recommendations

No specific version-based recommendations are provided, as the affected versions are not specified. However, Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard, and no user action is required. As a general mitigation measure, consider restricting access to the Dashboard and ensuring that all sessions are properly invalidated when a user's credentials are changed.
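
The flaw in the description and the mitigation in the recommendations, as an added example (not Cisco's code and not part of the original advisory): a constructed in-memory session store in which `revoke_on_credential_change=False` reproduces the behaviour described and `True` revokes every session of the user and issues a fresh token. All class, function and user names are hypothetical.

```python
import secrets

class SessionStore:
    """In-memory session store keyed by random token (constructed for illustration)."""

    def __init__(self, revoke_on_credential_change):
        self.revoke_on_credential_change = revoke_on_credential_change
        self.passwords = {}   # user -> password (plaintext only to keep the demo short)
        self.sessions = {}    # token -> user

    def register(self, user, password):
        self.passwords[user] = password

    def login(self, user, password):
        if not secrets.compare_digest(self.passwords.get(user, ""), password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def is_valid(self, token):
        return token in self.sessions

    def change_password(self, token, new_password):
        """Change the password of the session's user; return the token to keep using."""
        user = self.sessions.get(token)
        if user is None:
            raise PermissionError("invalid session")
        self.passwords[user] = new_password
        if not self.revoke_on_credential_change:
            return token  # flawed: every other session of this user stays alive
        # Hardened: drop all sessions of this user, then issue a fresh token.
        for t in [t for t, u in self.sessions.items() if u == user]:
            del self.sessions[t]
        fresh = secrets.token_urlsafe(32)
        self.sessions[fresh] = user
        return fresh

def surviving_sessions(revoke):
    """Log in twice, change the password from one session, report which tokens stay valid."""
    store = SessionStore(revoke)
    store.register("alice", "old-pass")         # constructed sample account
    other = store.login("alice", "old-pass")    # separate, pre-existing session
    current = store.login("alice", "old-pass")  # session that performs the change
    new_token = store.change_password(current, "new-pass")
    return store.is_valid(other), store.is_valid(current), store.is_valid(new_token)
```

`surviving_sessions` returns validity for the other session, the pre-change token and the token returned by the change, in that order; a regression test for this class of bug should assert that the first value is `False`.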

Fix

Session Fixation


Weakness Enumeration

Related identifiers

BDU:2019-01795
CVE-2019-1807

Affected products

Cisco Umbrella Dashboard