Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

A vulnerability exists in the CLI of Cisco ThousandEyes Enterprise Agent, specifically in the Linux Package installation type. It allows an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This issue arises from improper access controls on files in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a designated location, bypassing file system permissions to overwrite files on the device.

Impact

Exploitation of this vulnerability could lead to unauthorized overwriting of files on the affected device, potentially causing data loss or disruption of services.

Remediation

Users are advised to upgrade to Cisco ThousandEyes Enterprise Agent version 1.234.0 or later. For Cisco ThousandEyes Enterprise virtual appliances, upgrades are automatically managed through the unattended upgrades package, which installs critical security fixes. Consult the Cisco Support and Downloads page for more information on obtaining the fixed software.