CVE Vulnerabilities

CVE-2023-20044

Incorrect Ownership Assignment

Published: Jan 20, 2023 | Modified: Nov 21, 2024
CVSS 3.x
7.3
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device.

Weakness

The product assigns an owner to a resource, but the owner is outside of the intended control sphere.

Affected Software

Name Vendor Start Version End Version
Cx_cloud_agent Cisco * 2.2.1 (excluding)

Potential Mitigations

References