Privilege Escalation Vulnerability in Cisco CX Cloud Agent
CVE-2023-20044

7.3HIGH

Key Information:

Vendor: Cisco
Status: Cisco CX Cloud Agent
Vendor: CVE Published:; 20 January 2023

Summary

A vulnerability in Cisco CX Cloud Agent allows an authenticated local attacker to elevate privileges through insecure file permissions. By convincing support personnel to modify settings that invoke an insecure script, the attacker could achieve full control over the compromised device. This situation underscores the importance of robust security practices and awareness within operational support teams.

Affected Version(s)

Cisco CX Cloud Agent 0.9

Cisco CX Cloud Agent 0.0.1

Cisco CX Cloud Agent 0.0.2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2023
Vulnerability Reserved
Oct 27, 2022