Cisco ThousandEyes Virtual Appliance Defect in SSL Certificate Review

EXECUTIVE SUMMARY:

CVE-2026-20199, with a CVSS score of 4.7, is a vulnerability in Cisco ThousandEyes Virtual Appliance related to improper validation of SSL certificate handling, where specially crafted certificate input is not correctly neutralized. This flaw can be exploited by an authenticated attacker with administrative privileges to upload a malicious certificate, which is then processed insecurely by the system, leading to arbitrary command execution on the underlying operating system as the root user. The issue stems from insufficient input validation and improper handling of special elements in certificate data, allowing injection-style manipulation within downstream components. Successful exploitation could fully compromise the affected appliance, giving attackers complete control over system integrity, confidentiality, and availability, although exploitation requires valid admin-level access.[emaillocker id="1283"]

RECOMMENDATION:

We recommend you to update Cisco ThousandEyes Virtual Appliance to below version: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tevacert-rce-RMJVEym5

REFERENCES:

The following reports contain further technical details:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tevacert-rce-RMJVEym5?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20ThousandEyes%20Virtual%20Appliance%20Authenticated%20Remote%20Code%20Execution%20Vulnerability%26vs_k=1