Cisco ThousandEyes Endpoint Agent Certificate Validation Vulnerability on macOS and RoomOS
Vulnerability
A vulnerability exists in the certificate validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS. This issue could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. The vulnerability arises because the software fails to properly validate certificates for hosted metrics services. An on-path attacker could exploit this by intercepting network traffic with a crafted certificate, potentially allowing them to impersonate a trusted host and alter communications between the metrics service and the client.
Impact
Exploitation could enable an attacker to intercept and manipulate metrics data, potentially altering the information reported by the ThousandEyes Endpoint Agent.
Remediation
Cisco has released updates for this vulnerability. The first fixed release for macOS is version 1.206.3, and for RoomOS, it is version 1.207.21. Administrators may also disable the agent instant test feature as a temporary measure, but should evaluate the impact of this workaround on their network.
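The following Python example is added here and is not Cisco's code or tooling. It triages an endpoint inventory against the first fixed releases stated above, comparing versions numerically so that 1.99.0 is not mistaken for being newer than 1.206.3. The CSV layout, host names and status labels are constructed assumptions; supply agent versions from your own asset inventory.

```python
import csv
import io

# First fixed releases, as stated in the Remediation section.
FIRST_FIXED = {"macos": (1, 206, 3), "roomos": (1, 207, 21)}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,platform,agent_version
mac-eng-01,macOS,1.99.0
mac-eng-02,macOS,1.206.3
room-hq-01,RoomOS,1.207.3
room-hq-02,RoomOS,1.208.0
win-fin-01,Windows,1.150.0
mac-ops-03,macOS,unknown
"""

def parse_version(text):
    """Return a dotted-numeric version as a tuple of ints, else None."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Map each host to 'vulnerable', 'fixed', 'not-listed' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIRST_FIXED.get(row["platform"].strip().lower())
        version = parse_version(row["agent_version"])
        if fixed is None:
            status = "not-listed"   # platform not named in this advisory
        elif version is None:
            status = "unknown"      # unparseable version: check by hand
        elif version < fixed:       # tuple compare, not string compare
            status = "vulnerable"
        else:
            status = "fixed"
        results[row["host"]] = status
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as `vulnerable` or `unknown` are the ones to prioritize for the update or for the temporary workaround described above.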
