Cisco Thousandeyes Enterprise Agent
Monthly
Command injection in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance lets an authenticated administrator upload a crafted certificate to execute arbitrary commands as root on the underlying operating system. The flaw stems from insufficient validation of user-supplied input (CWE-74) and carries a CVSS 7.2 (High) rating; the elevated impact comes from full root-level code execution despite the high-privilege precondition. No public exploit identified at time of analysis, and EPSS is very low at 0.04% (13th percentile), consistent with the CISA SSVC determination of no observed exploitation.
Command injection in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance lets an authenticated administrator upload a crafted certificate to execute arbitrary commands as root on the underlying operating system. The flaw stems from insufficient validation of user-supplied input (CWE-74) and carries a CVSS 7.2 (High) rating; the elevated impact comes from full root-level code execution despite the high-privilege precondition. No public exploit identified at time of analysis, and EPSS is very low at 0.04% (13th percentile), consistent with the CISA SSVC determination of no observed exploitation.