Cisco ThousandEyes Enterprise Agent Vulnerability Facilitating Local Privilege Escalation

EXECUTIVE SUMMARY:

A vulnerability has been uncovered CVE-2026-20161 in Cisco ThousandEyes Enterprise Agent that could allow an authenticated local attacker with low privileges to overwrite arbitrary files on the affected system. The issue stems from improper access controls on files within the local file system, enabling exploitation through the use of symbolic links placed in specific locations. By leveraging this flaw, an attacker can bypass file system restrictions and manipulate or overwrite critical files, potentially impacting system integrity and security. Although the attack requires local access, successful exploitation may facilitate further compromise of the host, making it a notable risk in environments where multiple users or lower-privileged access is permitted. The vulnerability has a CVSS score of 5.5.[emaillocker id="1283"]

RECOMMENDATION:

We recommend you to update Windows Cisco ThousandEyes Enterprise Agent to below version: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU

REFERENCES:

The following reports contain further technical details:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20ThousandEyes%20Enterprise%20Agent%20Arbitrary%20File%20Overwrite%20Vulnerability%26vs_k=1