CVE-2023-20044

MEDIUM

Cisco CX Cloud Agent - Privilege Escalation

Title source: llm

Description

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ

Scores

CVSS v3 6.7

EPSS 0.0003

EPSS Percentile 9.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-708

Status published

Products (1)

cisco/cx_cloud_agent < 2.2.1

Published Jan 20, 2023

Tracked Since Feb 18, 2026