Priv Escalation in Cisco ThousandEyes EE Agent CLI via sudo Input Validation
CVE-2023-20217 Published on August 16, 2023
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device.
Vulnerability Analysis
CVE-2023-20217 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2023-20217
stack.watch emails you whenever new vulnerabilities are published in Cisco Thousandeyes Enterprise Agent or Cisco Thousandeyes Recorder. Just hit a watch button to start following.
Affected Versions
Cisco ThousandEyes Recorder Application Version N/A is affected by CVE-2023-20217Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.