CVE-2023-20043

Summary

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco CX Cloud Agent0.9affected
CiscoCisco CX Cloud Agent0.0.1affected
CiscoCisco CX Cloud Agent0.0.2affected
CiscoCisco CX Cloud Agent0.9.2affected
CiscoCisco CX Cloud Agent0.9.3affected
CiscoCisco CX Cloud Agent1.1affected
CiscoCisco CX Cloud Agent1.2affected
CiscoCisco CX Cloud Agent1.3affected
CiscoCisco CX Cloud Agent1.4affected
CiscoCisco CX Cloud Agent1.5affected
CiscoCisco CX Cloud Agent1.6affected
CiscoCisco CX Cloud Agent1.7affected
CiscoCisco CX Cloud Agent1.8affected
CiscoCisco CX Cloud Agent1.0.0affected
CiscoCisco CX Cloud Agent2.2affected

Weaknesses

  • CWE-708: Incorrect Ownership Assignment

ADP Enrichment

CVE Program Container

Additional References

References