Lukasz Piotrowski

**Name of the Vulnerable Software and Affected Versions** Cisco ThousandEyes Virtual Appliance (affected versions not specified) **Description** Insufficient validation of user-supplied input in the SSL certificate handling allows an authenticated remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system as the root user. This is achieved by uploading a crafted certificate to the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Versions prior to 25.4.270.0 **Description** A local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator. **Recommendations** Update to version 25.4.270.0 or later.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** This issue allows a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where the products are installed, resulting in complete compromise of the target machine. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** This issue could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where the products are installed, resulting in denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.