CVE-2023-20043

MEDIUM

Cisco CX Cloud Agent - Privilege Escalation

Title source: llm

Description

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ

Scores

CVSS v3 6.7

EPSS 0.0005

EPSS Percentile 17.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-276 CWE-708

Status published

Products (2)

cisco/cx_cloud_agent 2.2

cisco/cx_cloud_agent < 1.9

Published Jan 20, 2023

Tracked Since Feb 18, 2026