CVE-2026-20161

Summary

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device.

This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco ThousandEyes Enterprise AgentAgent 5.0affected
CiscoCisco ThousandEyes Enterprise AgentAgent 4.4.4affected
CiscoCisco ThousandEyes Enterprise AgentAgent 4.4.3affected
CiscoCisco ThousandEyes Enterprise AgentAgent 4.4.2affected
CiscoCisco ThousandEyes Enterprise AgentAgent 4.2affected
CiscoCisco ThousandEyes Enterprise AgentAgent 4.1affected
CiscoCisco ThousandEyes Enterprise AgentAgent 4.0affected
CiscoCisco ThousandEyes Enterprise AgentAgent 5.1affected
CiscoCisco ThousandEyes Enterprise AgentAgent 5.1.2affected

Weaknesses

  • CWE-59: Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References