CVE-2023-20044
CVE-2023-20044
In short
A flaw in Cisco CX Cloud Agent allows a logged-in user to gain full control of the device by exploiting insecure file permissions. An attacker tricks support into updating settings that run a vulnerable script.
Technical detail
CWE-708 insecure file permissions in Cisco CX Cloud Agent enables local privilege escalation when an authenticated attacker persuades support personnel to update configuration settings that execute an improperly protected script, resulting in complete device compromise.
Summary generated and translated by AI from the official description.
A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges.
This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device.
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected products
Cisco · Cisco CX Cloud AgentWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →