Vulnerability Details : CVE-2023-20043
A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges.
This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.
Products affected by CVE-2023-20043
- cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cx_cloud_agent:2.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-20043
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-20043
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST | |
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
Cisco Systems, Inc. |
CWE ids for CVE-2023-20043
-
During installation, installed file permissions are set to allow anyone to modify those files.Assigned by: nvd@nist.gov (Primary)
-
The product assigns an owner to a resource, but the owner is outside of the intended control sphere.Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2023-20043
-
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ
Cisco CX Cloud Agent Privilege Escalation VulnerabilitiesVendor Advisory
Jump to