VDB
CVE-2023-20044
CVE-2023-20044
PUBLISHED
CVSS 6.699999809265137 MEDIUM
A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device.
EPSS 0.03% · 10.0th percentile
Risk Scores
CVSS 3.1
6.699999809265137
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.03%
10.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco CX Cloud Agent | 1.2, 0.9.2, 0.9 |
| cisco | cx_cloud_agent | 0 |
Exploit Intelligence
- cisco-sa-cxagent-gOq9QjqZ (circl)
Timeline
- Jan 19, 2023 CVE Published
- Jan 20, 2023 EPSS Score
- Mar 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 11, 2023 EPSS Score
- May 22, 2023 EPSS Score
- Jul 1, 2023 EPSS Score
- Aug 11, 2023 EPSS Score
- Sep 20, 2023 EPSS Score
- Oct 31, 2023 EPSS Score
- Dec 10, 2023 EPSS Score
- Jan 20, 2024 EPSS Score