Cisco ThousandEyes Agent Certificate Validation Vulnerability

A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thousandeyes-cert-pqtJUv9N Security Impact Rating: Medium CVE: CVE-2025-20126
http://news.poseidon-us.com/THFCK9

Cisco ThousandEyes Agent Certificate Validation Vulnerability

Like this:

Related

More Posts

GitLab CISO on proactive monitoring and metrics for DevSecOps success

Sara: Open-source RouterOS security inspector

Cybersecurity in 2025: Global conflict, grown-up AI, and the wisdom of the crowd

Google must face mobile phone privacy class action, possible trial

Freedom Furniture turns on AI-based search and personalisation

Telstra to trial satellite-to-mobile services with Starlink

Low-cost system will improve communications among industrial machines

Telstra to trial mobile-to-satellite with Starlink

Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary], (Thu, Jan 9th)

ISC Stormcast For Thursday, January 9th, 2025 https://isc.sans.edu/podcastdetail/9272, (Thu, Jan 9th)

Share this:

Like this:

Related

More Posts