The Cisco Umbrella Virtual Appliance (VA) version 2.1.0 and earlier included default static user credentials that could enable shell access from the VA console. This was intended as a contingent support mechanism – to enable troubleshooting of VAs when an SSH tunnel cannot be established.
However, this mechanism could potentially allow an authenticated local attacker to log in to an affected virtual appliance with root privileges. Additional details can be found at:
While Cisco has no indications or reports from customers that this mechanism has ever been used as part of an internal attack, starting with VA version 2.1.2 (which has been rolled out to all customers), root access can no longer be enabled from the VA console using these static credentials.