Search criteria
4 vulnerabilities found for thousandeyes_recorder by cisco
CVE-2023-20217 (GCVE-0-2023-20217)
Vulnerability from nvd – Published: 2023-08-16 21:39 – Updated: 2025-07-03 14:03
VLAI?
Summary
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device.
Severity ?
5.5 (Medium)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco ThousandEyes Recorder Application |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-te-va-priv-esc-PUdgrx8E",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-va-priv-esc-PUdgrx8E"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-03T14:03:14.355820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T14:03:24.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco ThousandEyes Recorder Application",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "Execution with Unnecessary Privileges",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:22.404Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-te-va-priv-esc-PUdgrx8E",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-va-priv-esc-PUdgrx8E"
}
],
"source": {
"advisory": "cisco-sa-te-va-priv-esc-PUdgrx8E",
"defects": [
"CSCwf70738"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20217",
"datePublished": "2023-08-16T21:39:41.364Z",
"dateReserved": "2022-10-27T18:47:50.368Z",
"dateUpdated": "2025-07-03T14:03:24.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1537 (GCVE-0-2021-1537)
Vulnerability from nvd – Published: 2021-06-04 16:45 – Updated: 2024-11-07 22:09
VLAI?
Title
Cisco ThousandEyes Recorder Information Disclosure Vulnerability
Summary
A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer.
Severity ?
6.2 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco ThousandEyes Recorder Application |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:17.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210602 Cisco ThousandEyes Recorder Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-recorder-infodis-mx3ETTBM"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:41:45.852371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:09:40.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco ThousandEyes Recorder Application",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T16:45:49",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210602 Cisco ThousandEyes Recorder Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-recorder-infodis-mx3ETTBM"
}
],
"source": {
"advisory": "cisco-sa-te-recorder-infodis-mx3ETTBM",
"defect": [
[
"CSCvx91463"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco ThousandEyes Recorder Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-06-02T16:00:00",
"ID": "CVE-2021-1537",
"STATE": "PUBLIC",
"TITLE": "Cisco ThousandEyes Recorder Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco ThousandEyes Recorder Application",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.2",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210602 Cisco ThousandEyes Recorder Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-recorder-infodis-mx3ETTBM"
}
]
},
"source": {
"advisory": "cisco-sa-te-recorder-infodis-mx3ETTBM",
"defect": [
[
"CSCvx91463"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1537",
"datePublished": "2021-06-04T16:45:49.671731Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-07T22:09:40.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20217 (GCVE-0-2023-20217)
Vulnerability from cvelistv5 – Published: 2023-08-16 21:39 – Updated: 2025-07-03 14:03
VLAI?
Summary
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device.
Severity ?
5.5 (Medium)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco ThousandEyes Recorder Application |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-te-va-priv-esc-PUdgrx8E",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-va-priv-esc-PUdgrx8E"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-03T14:03:14.355820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T14:03:24.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco ThousandEyes Recorder Application",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "Execution with Unnecessary Privileges",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:22.404Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-te-va-priv-esc-PUdgrx8E",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-va-priv-esc-PUdgrx8E"
}
],
"source": {
"advisory": "cisco-sa-te-va-priv-esc-PUdgrx8E",
"defects": [
"CSCwf70738"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20217",
"datePublished": "2023-08-16T21:39:41.364Z",
"dateReserved": "2022-10-27T18:47:50.368Z",
"dateUpdated": "2025-07-03T14:03:24.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1537 (GCVE-0-2021-1537)
Vulnerability from cvelistv5 – Published: 2021-06-04 16:45 – Updated: 2024-11-07 22:09
VLAI?
Title
Cisco ThousandEyes Recorder Information Disclosure Vulnerability
Summary
A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer.
Severity ?
6.2 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco ThousandEyes Recorder Application |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:17.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210602 Cisco ThousandEyes Recorder Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-recorder-infodis-mx3ETTBM"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:41:45.852371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:09:40.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco ThousandEyes Recorder Application",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T16:45:49",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210602 Cisco ThousandEyes Recorder Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-recorder-infodis-mx3ETTBM"
}
],
"source": {
"advisory": "cisco-sa-te-recorder-infodis-mx3ETTBM",
"defect": [
[
"CSCvx91463"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco ThousandEyes Recorder Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-06-02T16:00:00",
"ID": "CVE-2021-1537",
"STATE": "PUBLIC",
"TITLE": "Cisco ThousandEyes Recorder Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco ThousandEyes Recorder Application",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.2",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210602 Cisco ThousandEyes Recorder Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-recorder-infodis-mx3ETTBM"
}
]
},
"source": {
"advisory": "cisco-sa-te-recorder-infodis-mx3ETTBM",
"defect": [
[
"CSCvx91463"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1537",
"datePublished": "2021-06-04T16:45:49.671731Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-07T22:09:40.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}