CVE-2023-20043

Published Jan 20, 2023

Last updated 10 months ago

Overview

Description: A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.
Source: ykramarz@cisco.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-276
ykramarz@cisco.com: CWE-708

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E39A327-013E-460F-9EF0-9541DCE88610",
            "versionEndExcluding": "1.9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:cx_cloud_agent:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "723C08F8-8A45-472F-8874-45B3BDE026A1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References