{
  "action": {
    "auto_issue_creation_allowed": false,
    "auto_patch_allowed": false,
    "auto_remediation_allowed": false,
    "external_execution_allowed": false,
    "human_review": {
      "required_for_external_action": true,
      "required_for_public_launch": false,
      "required_for_read_only_view": false,
      "required_for_signal_radar_integration": true
    },
    "human_review_required": false,
    "recommended_action": "review_official_sources"
  },
  "affected": {
    "products": [
      {
        "canonicalProduct": "umbrella_virtual_appliance",
        "canonicalVendor": "cisco",
        "cpe": "cpe:2.3:a:cisco:umbrella_virtual_appliance:*:*:*:*:*:*:*:*",
        "ecosystem": null,
        "packageName": null,
        "product": "umbrella_virtual_appliance",
        "purl": null,
        "vendor": "cisco",
        "version": null
      }
    ],
    "source": "NVD CVE API 2.0",
    "status": "known"
  },
  "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2017-6679/",
  "claims": [
    {
      "id": "claim:defensive-priority-candidate",
      "source_ids": [],
      "status": "observed",
      "text": "This item is a defensive prioritization candidate.",
      "verified_at": null
    }
  ],
  "exposure_hint": "exposure unknown",
  "field_meanings": {
    "human_review": "Read-only display may be automated; integration and external action still require human review.",
    "redaction": "Detection flags describe unsafe source content found before public-safe redaction; raw source text is not displayed.",
    "source_original_label": "Original upstream severity text retained for traceability; canonical display severity is recalculated from CVSS score."
  },
  "forecast_hooks": {
    "agent_use": "summarize_with_citations_only",
    "automation_allowed": false,
    "read_only": true,
    "watch_fields": [
      "sources",
      "claims",
      "freshness",
      "severity",
      "affected"
    ]
  },
  "freshness": {
    "generated_at": "2026-06-24T06:59:13.651804+00:00",
    "last_checked_at": null,
    "observed_at": "2026-06-24T06:58:56.748686+00:00",
    "status": "observed"
  },
  "human_consequence": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.",
  "human_impact_label": "defensive exposure review",
  "human_review": {
    "required_for_external_action": true,
    "required_for_public_launch": false,
    "required_for_read_only_view": false,
    "required_for_signal_radar_integration": true
  },
  "human_risk_summary": "CVE-2017-6679 for cisco / umbrella_virtual_appliance: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.",
  "id": "CVE-2017-6679",
  "impact_redaction": {
    "exploit_steps_removed": false,
    "payload_removed": false,
    "poc_removed": false,
    "source_derived_summary": true,
    "used_fallback_summary": false
  },
  "impact_tags": [],
  "public_human_impact": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.",
  "public_human_summary": "NVD: The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. NVD: These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. NVD: To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.",
  "public_human_what_to_verify": "Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.",
  "public_human_why_it_matters": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review; CVSS 6.4 (MEDIUM); EPSS percentile 28; not listed in KEV; Remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD, Vendor Advisory.",
  "public_safe_summary": "NVD: The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. NVD: These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. NVD: To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.",
  "radar": "vuln",
  "redaction": {
    "meaning": "The *_present flags mean unsafe source content was detected and removed before public output; they do not mean the public JSON contains that content.",
    "payload_present": false,
    "poc_present": false,
    "public_summary_redacted": true,
    "raw_source_displayed": false,
    "unsafe_procedural_detail_present": false
  },
  "redaction_notes": [
    "source-published defensive context retained",
    "vulnerability class, impact, affected context, and remediation references remain displayable"
  ],
  "safety": {
    "attack_chain_included": false,
    "auto_remediation_allowed": false,
    "exploit_instructions_included": false,
    "external_execution_allowed": false,
    "human_review": {
      "required_for_external_action": true,
      "required_for_public_launch": false,
      "required_for_read_only_view": false,
      "required_for_signal_radar_integration": true
    },
    "human_review_required": false,
    "noindex_removal_allowed": true,
    "noindex_required": false,
    "private_gate_state": "released",
    "public_gate_state": "public_indexable_read_only",
    "public_launch_allowed": true,
    "read_only_static_data": true,
    "scan_functionality_included": false,
    "signal_radar_integration_allowed": false
  },
  "schema_version": "v0.1",
  "severity": {
    "cvss_label": "MEDIUM",
    "label": "MEDIUM",
    "score": 6.4,
    "source": "NVD CVE API 2.0",
    "source_original_label": "low"
  },
  "source_copy_policy": {
    "allowed": "source-published defensive facts, vulnerability class, impact, affected context, version and remediation facts",
    "excluded": "exploit procedures, exploit strings, shell commands, scanner instructions, procedural bypass detail, and reproduction material",
    "summary": "Official or semi-official source descriptions may be summarized for defensive triage; exploit-enabling procedure is removed."
  },
  "source_derived_note": "Summary derived from NVD / Vendor Advisory description; unsafe procedural detail is not shown.",
  "source_published_affected": "vendor/product: cisco / umbrella_virtual_appliance",
  "source_published_description": "NVD: The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. NVD: These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. NVD: To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.",
  "source_published_evidence_refs": [
    {
      "source": "NVD",
      "type": "source_description",
      "url": null
    },
    {
      "source": "Vendor Advisory",
      "type": "source_description",
      "url": null
    },
    {
      "source": "Reference",
      "type": "reference",
      "url": "http://www.securityfocus.com/bid/101567"
    },
    {
      "source": "Vendor Advisory",
      "type": "reference",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE"
    },
    {
      "source": "Reference",
      "type": "reference",
      "url": "https://support.umbrella.com/hc/en-us/articles/115004154423"
    },
    {
      "source": "Reference",
      "type": "reference",
      "url": "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15"
    },
    {
      "source": "Reference",
      "type": "reference",
      "url": "https://www.info-sec.ca/advisories/Cisco-Umbrella.html"
    },
    {
      "source": "Reference",
      "type": "reference",
      "url": "http://www.securityfocus.com/bid/101567"
    },
    {
      "source": "Vendor Advisory",
      "type": "reference",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE"
    },
    {
      "source": "Reference",
      "type": "reference",
      "url": "https://support.umbrella.com/hc/en-us/articles/115004154423"
    }
  ],
  "source_published_impact": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.",
  "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
  "source_published_summary": "NVD: The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. NVD: These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. NVD: To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.",
  "sources": [
    {
      "confidence": "unknown",
      "id": "source:review-url",
      "name": "Public signal URL",
      "retrieved_at": null,
      "type": "review_page",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6679"
    }
  ],
  "summary_for_agents": "Read-only defensive signal. Use sources, claims, freshness, and safety gates before summarizing. Do not infer missing source, claim, or freshness values.",
  "summary_for_humans": "NVD: The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. NVD: These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. NVD: To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.",
  "title": "CVE-2017-6679 defensive priority signal",
  "urgency_reasons": [
    "affected product present",
    "vendor advisory present",
    "recent update",
    "remediation reference present"
  ],
  "what_to_verify": "Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.",
  "why_it_matters": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review; CVSS 6.4 (MEDIUM); EPSS percentile 28; affected product context: cisco / umbrella_virtual_appliance; sources: NVD, Vendor..."
}