cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20277,https://securityvulnerability.io/vulnerability/CVE-2024-20277,Command Injection Vulnerability in Cisco ThousandEyes Web Interface,"A flaw in the web-based management interface of Cisco ThousandEyes Enterprise Agent, specifically for the Virtual Appliance installation, permits remote authenticated attackers to conduct command injection attacks. This arises from inadequate validation of user-supplied input. By crafting and sending malicious HTTP packets to the affected device, an attacker can potentially execute arbitrary commands, thereby escalating privileges to root. This vulnerability underscores the importance of robust input validation mechanisms to protect critical management interfaces.",Cisco,Cisco ThousandEyes Recorder Application,8,HIGH,0.0011099999537691474,false,,false,false,false,,,false,false,,2024-01-17T16:58:21.065Z,0
CVE-2023-20217,https://securityvulnerability.io/vulnerability/CVE-2023-20217,Privilege Escalation Vulnerability in Cisco ThousandEyes Enterprise Agent,"A vulnerability exists in the command-line interface (CLI) of the Cisco ThousandEyes Enterprise Agent, specifically for the Virtual Appliance installation. This flaw is attributed to insufficient input validation within the operating system's CLI, enabling an authenticated local attacker to issue specific commands using 'sudo'. Successful exploitation of this vulnerability would allow the unauthorized user to access arbitrary files with root privileges on the underlying operating system. It is essential that potential attackers possess valid credentials for the affected device, highlighting the importance of secure credential management.",Cisco,Cisco ThousandEyes Recorder Application,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20224,https://securityvulnerability.io/vulnerability/CVE-2023-20224,Privilege Escalation Vulnerability in Cisco ThousandEyes Enterprise Agent,"A privilege escalation vulnerability exists in the CLI of Cisco ThousandEyes Enterprise Agent (Virtual Appliance). This issue stems from improper input validation for user-supplied CLI arguments. An authenticated local attacker could exploit this weakness by accessing the affected device and issuing specially crafted commands, potentially allowing them to execute arbitrary commands with root privileges. It is essential for users to be aware that valid credentials on the device are required to mount such an attack. For more details, see the Cisco security advisory at the following link: [Cisco Advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thoueye-privesc-NVhHGwb3).",Cisco,Cisco ThousandEyes Recorder Application,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2021-1537,https://securityvulnerability.io/vulnerability/CVE-2021-1537,Cisco ThousandEyes Recorder Information Disclosure Vulnerability,"A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer.",Cisco,Cisco Thousandeyes Recorder Application,6.2,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T17:16:00.000Z,,false,false,,2021-06-04T17:15:00.000Z,0