Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in the BrowserBot component of Cisco ThousandEyes Enterprise Agent. This vulnerability could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents, using the BrowserBot synthetics orchestration process. The issue arose from inadequate input validation of command arguments provided by users. An attacker with valid credentials for the ThousandEyes SaaS and the ability to manage transaction tests could have exploited this vulnerability by sending crafted input through the affected parameter. Successful exploitation would have allowed the attacker to execute arbitrary commands within the BrowserBot container as the 'node' user.
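The input-validation failure described above, as an added illustration that is not Cisco's or ThousandEyes' code: a hypothetical Node.js orchestrator that builds a headless-browser command line from transaction-test parameters, first by string interpolation into a shell command, then with allow-list validation and an argv array meant for execFile() with no shell. The browser binary name, flags and URL pattern are assumptions.

```javascript
// Hypothetical orchestrator code (not BrowserBot's own) showing the bug class:
// user-controlled test parameters flowing into a command line.

// Unsafe pattern: the user-supplied URL is spliced into one shell string.
// Any shell metacharacter in `targetUrl` is interpreted by the shell that
// later runs this string, so the caller can add commands of their own.
function buildShellCommandUnsafe(targetUrl, timeoutSec) {
  return `chromium --headless --timeout=${timeoutSec} ${targetUrl}`;
}

// Hardened pattern: accept only what a transaction test legitimately needs
// (a plain http(s) URL and a bounded integer timeout), then hand the pieces
// to execFile() as separate argv entries so no shell ever parses them.
const URL_PATTERN =
  /^https?:\/\/[A-Za-z0-9.-]+(?::\d{1,5})?(?:\/[A-Za-z0-9._~%\/?#=&-]*)?$/;

function buildSpawnSpecSafe(targetUrl, timeoutSec) {
  if (typeof targetUrl !== 'string' || !URL_PATTERN.test(targetUrl)) {
    throw new Error('rejected targetUrl: not a plain http(s) URL');
  }
  if (!Number.isInteger(timeoutSec) || timeoutSec < 1 || timeoutSec > 300) {
    throw new Error('rejected timeoutSec: must be an integer between 1 and 300');
  }
  // Intended use: execFile(spec.file, spec.args) -- argv array, no shell.
  return { file: 'chromium', args: ['--headless', `--timeout=${timeoutSec}`, targetUrl] };
}

// Review/detection helper: flags values that would change meaning under a shell.
function containsShellMetachars(s) {
  return /[;&|`$()<>\n\\'"]/.test(s);
}

// Constructed sample inputs for demonstration.
const GOOD_URL = 'https://example.test/login?u=1';
const BAD_URL = 'https://example.test/ ;echo injected';
```
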
Impact
Exploitation of this vulnerability could have led to unauthorized command execution within the BrowserBot container, under the privileges of the 'node' user.
Remediation
Cisco has fixed this vulnerability in the cloud-based version of ThousandEyes BrowserBot. No action is required from users to update on-premises software or devices. For additional information, customers can contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.