CVE-2023-20044 — Incorrect Ownership Assignment in Cisco CX Cloud Agent

CWE-708 — Incorrect Ownership Assignment4 documents4 sources

Severity

7.3HIGHNVD

CNA6.7

EPSS

0.0%

top 90.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco CX Cloud Agent Cisco CX Cloud Agent

Timeline

PublishedJan 20

Description

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/cx_cloud_agent< 2.2.1

▶CVEListV5cisco/cisco_cx_cloud_agent20 versions+19

🔴Vulnerability Details

GHSA

GHSA-5mpw-67fp-pg56: A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges↗2023-01-20

▶

CVEList

CVE-2023-20044: A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges↗2023-01-19

▶

📋Vendor Advisories

Cisco

Cisco CX Cloud Agent Privilege Escalation Vulnerabilities↗2023-01-11

▶