{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20043", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.317Z", "datePublished": "2023-01-19T01:36:37.287Z", "dateUpdated": "2024-08-02T08:57:35.585Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:37.051Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges.\r\n\r This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device."}], "affected": [{"vendor": "Cisco", "product": "Cisco CX Cloud Agent", "versions": [{"version": "0.9", "status": "affected"}, {"version": "0.0.1", "status": "affected"}, {"version": "0.0.2", "status": "affected"}, {"version": "0.9.2", "status": "affected"}, {"version": "0.9.3", "status": "affected"}, {"version": "1.1", "status": "affected"}, {"version": "1.2", "status": "affected"}, {"version": "1.3", "status": "affected"}, {"version": "1.4", "status": "affected"}, {"version": "1.5", "status": "affected"}, {"version": "1.6", "status": "affected"}, {"version": "1.7", "status": "affected"}, {"version": "1.8", "status": "affected"}, {"version": "1.0.0", "status": "affected"}, {"version": "2.2", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incorrect Ownership Assignment", "type": "cwe", "cweId": "CWE-708"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ", "name": "cisco-sa-cxagent-gOq9QjqZ"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-cxagent-gOq9QjqZ", "discovery": "INTERNAL", "defects": ["CSCwa73699"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.585Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ", "name": "cisco-sa-cxagent-gOq9QjqZ", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E39A327-013E-460F-9EF0-9541DCE88610", "versionEndExcluding": "1.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:cx_cloud_agent:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "723C08F8-8A45-472F-8874-45B3BDE026A1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges.\r\n\r This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco CX Cloud Agent podr\u00eda permitir que un atacante local autenticado eleve sus privilegios. Esta vulnerabilidad se debe a permisos de archivos inseguros. Un atacante podr\u00eda aprovechar esta vulnerabilidad llamando al script con sudo. Un exploit exitoso podr\u00eda permitir al atacante tomar el control total del dispositivo afectado."}], "id": "CVE-2023-20043", "lastModified": "2024-11-21T07:40:25.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-20T07:15:16.040", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-708"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}