Sign-up

ID

VAR-202301-1328


CVE

CVE-2023-20043


TITLE

Cisco CX Cloud Agent  Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002307

DESCRIPTION

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-20043 // JVNDB: JVNDB-2023-002307 // VULHUB: VHN-444822 // VULMON: CVE-2023-20043

AFFECTED PRODUCTS

vendor:ciscomodel:cx cloud agentscope:eqversion:2.2

Trust: 1.0

vendor:ciscomodel:cx cloud agentscope:ltversion:1.9

Trust: 1.0

vendor:シスコシステムズmodel:cisco cx cloud agentscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco cx cloud agentscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002307 // NVD: CVE-2023-20043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20043
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20043
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2023-002307
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202301-1008
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-20043
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2023-002307
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002307 // CNNVD: CNNVD-202301-1008 // NVD: CVE-2023-20043 // NVD: CVE-2023-20043

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.1

problemtype:CWE-708

Trust: 1.0

problemtype:Inappropriate default permissions (CWE-276) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-444822 // JVNDB: JVNDB-2023-002307 // NVD: CVE-2023-20043

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-1008

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-1008

PATCH

title:cisco-sa-cxagent-gOq9QjqZurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ

Trust: 0.8

title:Cisco CX Cloud Agent Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=222310

Trust: 0.6

title:Cisco: Cisco CX Cloud Agent Privilege Escalation Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cxagent-gOq9QjqZ

Trust: 0.1

sources: VULMON: CVE-2023-20043 // JVNDB: JVNDB-2023-002307 // CNNVD: CNNVD-202301-1008

EXTERNAL IDS

db:NVDid:CVE-2023-20043

Trust: 3.4

db:JVNDBid:JVNDB-2023-002307

Trust: 0.8

db:AUSCERTid:ESB-2023.0178

Trust: 0.6

db:CNNVDid:CNNVD-202301-1008

Trust: 0.6

db:VULHUBid:VHN-444822

Trust: 0.1

db:VULMONid:CVE-2023-20043

Trust: 0.1

sources: VULHUB: VHN-444822 // VULMON: CVE-2023-20043 // JVNDB: JVNDB-2023-002307 // CNNVD: CNNVD-202301-1008 // NVD: CVE-2023-20043

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cxagent-goq9qjqz

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-20043

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-20043/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0178

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-444822 // VULMON: CVE-2023-20043 // JVNDB: JVNDB-2023-002307 // CNNVD: CNNVD-202301-1008 // NVD: CVE-2023-20043

SOURCES

db:VULHUBid:VHN-444822
db:VULMONid:CVE-2023-20043
db:JVNDBid:JVNDB-2023-002307
db:CNNVDid:CNNVD-202301-1008
db:NVDid:CVE-2023-20043

LAST UPDATE DATE

2024-08-14T15:21:25.354000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-444822date:2023-01-30T00:00:00
db:VULMONid:CVE-2023-20043date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002307date:2023-07-05T01:05:00
db:CNNVDid:CNNVD-202301-1008date:2023-02-01T00:00:00
db:NVDid:CVE-2023-20043date:2024-01-25T17:15:27.077

SOURCES RELEASE DATE

db:VULHUBid:VHN-444822date:2023-01-20T00:00:00
db:VULMONid:CVE-2023-20043date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002307date:2023-07-05T00:00:00
db:CNNVDid:CNNVD-202301-1008date:2023-01-12T00:00:00
db:NVDid:CVE-2023-20043date:2023-01-20T07:15:16.040