Zurück zur Liste

Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection Vulnerability — CISCO-SA-TEBBOT-CMDINJ-WN3YQ5GN

Cisco · Cisco · CISCO-SA-TEBBOT-CMDINJ-WN3YQ5GN

ID
CISCO-SA-TEBBOT-CMDINJ-WN3YQ5GN

Datum
2026-05-20

Activity
2026-05-20

Quelle
Cisco

Vendor
Cisco

Risiko
medium

Zusammenfassung

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco ThousandEyes Enterprise Agent, and no customer action is needed. This vulnerability was due to insufficient input validation of…

Produkt

Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

Prüfe Exponierung und plane Maßnahmen nach Risiko und Umfeld.
Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Mehr dazu

Cisco Cisco 2026-W21

aiograpi: Unsafe signup challenge path handling

2026-05-23 CVE-2026-47157

mediumGitHub GitHub 2026-W21

Arcane: Missing admin authorization on global variables endpoint

2026-05-23 CVE-2026-47125

highGitHub GitHub 2026-W21

AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py

2026-05-23 CVE-2026-8754

lowGitHub GitHub 2026-W21

Beetl's SpELFunction extension function has an expression injection risk

2026-05-23 CVE-2026-8759

mediumGitHub GitHub 2026-W21

CVE-2026-43029 mptcp: fix soft lockup in mptcp_recvmsg()

2026-05-23 CVE-2026-43029

highMicrosoft CVE 2026-W21

CVE-2026-43414 scsi: qla2xxx: Completely fix fcport double free

2026-05-23 CVE-2026-43414

criticalMicrosoft CVE 2026-W21