Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system or cause a denial-of-service condition.

CISA encourages users and administrators to review the following advisories and apply the necessary updates.

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability

Summary: A vulnerability has been identified in the CLI of the Virtual Appliance installation type of Cisco ThousandEyes Enterprise Agent. An authenticated, local attacker could exploit this vulnerability to gain root privileges on an affected device. The issue arises from inadequate validation of user-supplied CLI arguments. To exploit it, an attacker would authenticate to the device and issue crafted commands at the prompt. Successful exploitation allows the attacker to execute arbitrary commands as root. The attacker must possess valid credentials for the affected device.

Cisco has responded by releasing software updates that rectify this vulnerability. Unfortunately, no workarounds are available to mitigate this issue.

For further details, please consult the full advisory at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thoueye-privesc-NVhHGwb3

Affected Products (Vulnerable Products): This vulnerability affects the Virtual Appliance installation of Cisco ThousandEyes Enterprise Agent.

Products Confirmed Not Vulnerable: Only items listed in the Vulnerable Products section of this advisory are susceptible to this vulnerability. Cisco has verified that the following products are not impacted:

  • ThousandEyes Docker Image installation type
  • ThousandEyes Enterprise Agents on Cisco Routers with Docker
  • ThousandEyes Linux Package installation type

Workarounds: There are no known workarounds to address this vulnerability.

Fixed Software: Cisco has promptly released software updates to address this vulnerability. Customers with active service contracts can access security fixes via their usual update channels. Customers are advised to ensure they follow the terms of the Cisco software license when downloading and installing these updates. The licensing and download information is available on the Cisco Support and Downloads page.

Customers Without Service Contracts: Customers without service contracts can obtain upgrades by contacting the Cisco Technical Assistance Center (TAC). To initiate this process, please visit: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html. You’ll need to provide the product serial number and reference the URL of this advisory as proof of eligibility for a free upgrade.


Source:
https://www.cisa.gov/news-events/alerts/2023/08/17/cisco-releases-security-advisories-multiple-products