Cisco ThousandEyes Endpoint Agent for Windows Arbitrary File Deletion Vulnerability

A vulnerability exists in the update process of Cisco ThousandEyes Endpoint Agent for Windows, allowing authenticated, local attackers to delete arbitrary files on affected devices. This issue arises from improper access controls on local files, enabling attackers to exploit the vulnerability by using symbolic links to redirect delete operations during an agent upgrade. As a result, attackers could remove protected files from the device's file system.

Impact

Exploitation of this vulnerability could lead to the unauthorized deletion of files on the affected device.

Remediation

Users can upgrade to Cisco ThousandEyes Endpoint Agent version 2.3.3 or later to address this vulnerability. For guidance on software upgrades, consult the Cisco Security Vulnerability Policy and the Cisco Security Advisories page.