CVE-2026-20161
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device.
This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco ThousandEyes Enterprise Agent | Agent 5.0 | affected |
| Cisco | Cisco ThousandEyes Enterprise Agent | Agent 4.4.4 | affected |
| Cisco | Cisco ThousandEyes Enterprise Agent | Agent 4.4.3 | affected |
| Cisco | Cisco ThousandEyes Enterprise Agent | Agent 4.4.2 | affected |
| Cisco | Cisco ThousandEyes Enterprise Agent | Agent 4.2 | affected |
| Cisco | Cisco ThousandEyes Enterprise Agent | Agent 4.1 | affected |
| Cisco | Cisco ThousandEyes Enterprise Agent | Agent 4.0 | affected |
| Cisco | Cisco ThousandEyes Enterprise Agent | Agent 5.1 | affected |
| Cisco | Cisco ThousandEyes Enterprise Agent | Agent 5.1.2 | affected |
Weaknesses
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.