Konrad Porzezynski

**Name of the Vulnerable Software and Affected Versions** Cisco Catalyst SD-WAN Manager versions (affected versions not specified) **Description** A vulnerability in certificate validation processing could allow an unauthenticated, remote attacker to gain access to sensitive information. This issue is due to improper validation of certificates used by the Smart Licensing feature. An attacker with a privileged network position could exploit this by intercepting traffic sent over the Internet, potentially gaining access to sensitive information, including credentials used to connect to Cisco cloud services. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco ThousandEyes Endpoint Agent for macOS and RoomOS (affected versions not specified) **Description** A vulnerability in the certification validation routines of the affected software could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This issue exists because the software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate, potentially allowing the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.