CVE-2023-20043

CVSS 6.7 MEDIUMEPSS 0.2%CWE-708

In short

A local user on a device with Cisco CX Cloud Agent can gain full control by exploiting insecure file permissions and running a script with elevated privileges.

Technical detail

CWE-708 vulnerability allows authenticated local attackers to escalate privileges via insecure file permissions on executable scripts; exploitation requires sudo access and results in complete system compromise.

Summary generated and translated by AI from the official description.

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Cisco · Cisco CX Cloud Agent

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ