CVE-2023-20043 — Incorrect Ownership Assignment in Cisco CX Cloud Agent

CWE-708 — Incorrect Ownership Assignment CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 83.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco CX Cloud Agent Cisco CX Cloud Agent

Timeline

PublishedJan 20

Description

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/cx_cloud_agent< 1.9+1

▶CVEListV5cisco/cisco_cx_cloud_agent15 versions+14

🔴Vulnerability Details

GHSA

GHSA-mxhq-87fx-96v9: A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges↗2023-01-20

▶

CVEList

CVE-2023-20043: A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges↗2023-01-19

▶

📋Vendor Advisories

Cisco

Cisco CX Cloud Agent Privilege Escalation Vulnerabilities↗2023-01-11

▶