Hank Leininger

**Name of the Vulnerable Software and Affected Versions** Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type (affected versions not specified) **Description** A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This issue is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using `sudo`. A successful exploit could allow the attacker to view arbitrary files as `root` on the underlying operating system. The attacker must have valid credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions 6.6.x Description: The issue allows local users to gain privileges by modifying the $SPLUNK HOME/etc/splunk-launch.conf file and inserting Trojan horse programs into $SPLUNK HOME/bin. This can occur when Splunk Enterprise is configured to run as root but drop privileges to a specific non-root account, and the non-root setup instructions are followed, which involves running chown across all of $SPLUNK HOME to give non-root access. Recommendations: For Splunk Enterprise version 6.6.x, consider restricting access to the $SPLUNK HOME/etc/splunk-launch.conf file and $SPLUNK HOME/bin directory to prevent modification by non-root users. Additionally, review the non-root setup instructions to ensure they do not inadvertently introduce security risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolarWinds Log & Event Manager (LEM) versions prior to 6.3.1 Hotfix 4 **Description** The issue allows an authenticated user to execute arbitrary commands. **Recommendations** For versions prior to 6.3.1 Hotfix 4, update to version 6.3.1 Hotfix 4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SQLite versions prior to 3.13.0 **Description** The issue is related to insufficient input validation in the os unix.c component of the SQLite database management system. This could allow an attacker to access sensitive information, compromise data integrity, and cause a denial of service. The vulnerability is due to the improper implementation of the temporary directory search algorithm, which might allow local users to obtain sensitive information or cause the application to crash by leveraging the use of the current working directory for temporary files. **Recommendations** For versions prior to 3.13.0, update to version 3.13.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory to minimize the risk of exploitation. Avoid using the current working directory for temporary files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GNU Wget versions 1.12 and earlier wget versions prior to 1.12-r2 **Description** The issue allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename. This could possibly lead to the execution of arbitrary code as a consequence of writing to a dotfile in a home directory. Exploitation of this issue may lead to a breach of confidentiality, integrity, and availability of protected information and can be carried out remotely. **Recommendations** For GNU Wget versions 1.12 and earlier, update to a version later than 1.12 to resolve the issue. For wget versions prior to 1.12-r2, update to version 1.12-r2 or later to fix the problem. As a temporary workaround, consider disabling the use of server-provided filenames for determining the destination filename of a download until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libwww-perl versions prior to 5.835 **Description** The issue allows remote servers to create or overwrite files through a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename. This can possibly lead to the execution of arbitrary code as a consequence of writing to a dotfile in a home directory. The problem arises because the software does not reject downloads to filenames that begin with a . (dot) character. **Recommendations** For versions prior to 5.835, update to version 5.835 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `lwp-download` function to minimize the risk of exploitation. Avoid using the `lwp-download` function with untrusted URLs or servers until the issue is resolved.