CVE-2021-1537
MEDIUMCisco ThousandEyes Recorder < 1.0.5 - Unauthenticated Sensitive Information Exposure via Installer
Title source: llmDescription
A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-recorder-infodis-mx3ETTBM
Scores
CVSS v3
6.2
EPSS
0.0008
EPSS Percentile
22.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-522
Status
published
Products (1)
cisco/thousandeyes_recorder
< 1.0.5
Published
Jun 04, 2021
Tracked Since
Feb 18, 2026