A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands and elevate privileges to root.
References
Link | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thouseyes-privesc-DmzHG3Qv | Issue Tracking Vendor Advisory |
Configurations
History
29 Jan 2024, 17:32
Type | Values Removed | Values Added |
---|---|---|
First Time |
Cisco
Cisco thousandeyes Enterprise Agent |
|
CWE | NVD-CWE-noinfo | |
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thouseyes-privesc-DmzHG3Qv - Issue Tracking, Vendor Advisory | |
CPE | cpe:2.3:a:cisco:thousandeyes_enterprise_agent:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
17 Jan 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-17 17:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-20277
Mitre link : CVE-2024-20277
CVE.ORG link : CVE-2024-20277
JSON object : View
Products Affected
cisco
- thousandeyes_enterprise_agent
CWE
NVD-CWE-noinfo
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')