Details of VAR-202301-1814

ID

VAR-202301-1814

CVE

CVE-2023-20044

TITLE

Cisco CX Cloud Agent Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002206

DESCRIPTION

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-20044 // JVNDB: JVNDB-2023-002206 // VULHUB: VHN-444823 // VULMON: CVE-2023-20044

AFFECTED PRODUCTS

vendor:	cisco	model:	cx cloud agent	scope:	lt	version:	2.2.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco cx cloud agent	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco cx cloud agent	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002206 // NVD: CVE-2023-20044

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-20044
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2023-20044
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-20044
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202301-1009
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-20044
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2023-20044
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-20044
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002206 // CNNVD: CNNVD-202301-1009 // NVD: CVE-2023-20044 // NVD: CVE-2023-20044

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-708	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002206 // NVD: CVE-2023-20044

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-1009

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-1009

PATCH

title:	cisco-sa-cxagent-gOq9QjqZ	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ	Trust: 0.8
title:	Cisco CX Cloud Agent Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=222175	Trust: 0.6
title:	Cisco: Cisco CX Cloud Agent Privilege Escalation Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cxagent-gOq9QjqZ	Trust: 0.1

sources: VULMON: CVE-2023-20044 // JVNDB: JVNDB-2023-002206 // CNNVD: CNNVD-202301-1009

EXTERNAL IDS

db:	NVD	id:	CVE-2023-20044	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-002206	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.0178	Trust: 0.6
db:	CNNVD	id:	CNNVD-202301-1009	Trust: 0.6
db:	VULHUB	id:	VHN-444823	Trust: 0.1
db:	VULMON	id:	CVE-2023-20044	Trust: 0.1

sources: VULHUB: VHN-444823 // VULMON: CVE-2023-20044 // JVNDB: JVNDB-2023-002206 // CNNVD: CNNVD-202301-1009 // NVD: CVE-2023-20044

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cxagent-goq9qjqz	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2023-20044	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2023.0178	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2023-20044/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-444823 // VULMON: CVE-2023-20044 // JVNDB: JVNDB-2023-002206 // CNNVD: CNNVD-202301-1009 // NVD: CVE-2023-20044

SOURCES

db:	VULHUB	id:	VHN-444823
db:	VULMON	id:	CVE-2023-20044
db:	JVNDB	id:	JVNDB-2023-002206
db:	CNNVD	id:	CNNVD-202301-1009
db:	NVD	id:	CVE-2023-20044

LAST UPDATE DATE

2024-08-14T15:21:25.326000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-444823	date:	2023-01-27T00:00:00
db:	VULMON	id:	CVE-2023-20044	date:	2023-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2023-002206	date:	2023-06-23T07:40:00
db:	CNNVD	id:	CNNVD-202301-1009	date:	2023-01-28T00:00:00
db:	NVD	id:	CVE-2023-20044	date:	2024-01-25T17:15:27.183

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-444823	date:	2023-01-20T00:00:00
db:	VULMON	id:	CVE-2023-20044	date:	2023-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2023-002206	date:	2023-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202301-1009	date:	2023-01-12T00:00:00
db:	NVD	id:	CVE-2023-20044	date:	2023-01-20T07:15:16.370