// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE INT-05DTG 0600Z
Endpoint Security Vendor

Cisco

5 PUBLIC SECURITY EVENTS ON FILE · 2023-12-26 — 2026-05-20

Publicly-known security events concerning Cisco — CVEs, advisories, and incidents drawn from open-source reporting. Every item links to its original source.

Category

What Cisco sells

EDR is agent-based endpoint tooling that monitors process/file/network activity, detects malicious behavior, and enables response. It is detection-led by design: it observes and acts after code executes. Its efficacy depends on recognizing a threat, so novel/zero-day techniques are a window of exposure until detected.

SOURCE · ColdRecon Reference

Cisco competes in the endpoint-security category. ColdRecon publishes only the factual public record below — no competitive analysis or positioning.

The Public Record

Recent security events

On file: 3 vuln disclosures · 1 incident · 1 research poc.

2026-05-20
vuln disclosure
Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection VulnerabilityCVE-2026-20206
CVE-2026-20206 is a command injection vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent. An authenticated attacker with transaction test management privileges can execute arbitrary OS commands inside the BrowserBot container. Cisco has addressed the issue in the SaaS service, requiring no customer action.
2026-04-15
vuln disclosure
Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite VulnerabilityCVE-2026-20161
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent allows a local low-privileged attacker to overwrite arbitrary files via symbolic link following. This can lead to integrity compromise on the affected endpoint. Cisco has published an advisory and affected versions are listed.
2025-05-30
incident
Conti Ransomware Gang Leaks Internal EDR Evasion Tier ListConti EDR Tier List Leak
The Conti ransomware group leaked an internal ranking of endpoint detection and response (EDR) products based on their ease of bypass during real-world attacks. The list places Microsoft Defender for Endpoint, McAfee, and Webroot in the lowest tier, while CrowdStrike is ranked highest. The leak highlights that even top-tier EDRs can be evaded, especially when poorly configured, and underscores the importance of defense-in-depth and proper security tool configuration.
2024-09-12
vuln disclosure
CVE-2024-20430: Cisco Meraki Systems Manager Agent for Windows Privilege EscalationCVE-2024-20430
CVE-2024-20430 is a local privilege escalation vulnerability in Cisco Meraki Systems Manager Agent for Windows. It allows a low-privileged authenticated attacker to execute arbitrary code with SYSTEM privileges via DLL hijacking. The vulnerability stems from uncontrolled search path elements during agent startup.
Every event on this page is a record in ColdRecon's canonical set, drawn from public reporting and linked to its source above. ColdRecon monitors open-source signal only; it publishes no non-public or customer information.

Cisco ships. Your prospect reads the headline. Do you?

ColdRecon turns this signal into one short daily brief, written from the seller's seat — what changed, why it matters to your deals, how to position. Request clearance and the first lands tomorrow at 0600.

Request Clearance →