PT-2023-1103 · Cisco · Cisco Cx Cloud Agent

Published: 2023-01-11 · Updated: 2024-01-25 · CVE-2023-20043

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Cisco CX Cloud Agent (affected versions not specified)

Description

A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges due to insecure file permissions. An attacker could exploit this vulnerability by calling a script with sudo, potentially allowing them to take complete control of the affected device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of sudo for the affected script until a patch is available. Restrict access to the vulnerable file to minimize the risk of exploitation. Avoid using the sudo command with the vulnerable script until the issue is resolved.
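One way to check a host for the condition the description names, a script that can be run through sudo while its file permissions let a non-root account modify it. This is an added example, not Cisco's code or part of the advisory; the sudoers parsing is simplified (no line continuations or alias expansion), and the function names and the sample path `collect.sh` are hypothetical.

```python
import os
import stat

def sudo_command_paths(sudoers_text):
    """Return the absolute command paths named in sudoers-style rules."""
    paths = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        # Skip comments, Defaults settings and anything that is not a rule.
        if not line or line.startswith(("#", "Defaults")) or "=" not in line:
            continue
        for cmd in line.split("=", 1)[1].split(","):
            # First absolute path in the entry; runas lists and tags are skipped.
            exe = next((w for w in cmd.split() if w.startswith("/")), None)
            if exe:
                paths.append(exe)
    return paths

def weak_permissions(path, trusted_uids=frozenset({0})):
    """List reasons why `path` is unsafe as a sudo target (empty list = OK)."""
    findings = []
    # A writable parent directory lets the file be replaced, so check both.
    for target in (path, os.path.dirname(path) or "/"):
        try:
            st = os.stat(target)
        except OSError:
            findings.append(f"{target}: missing or unreadable")
            continue
        if st.st_uid not in trusted_uids:
            findings.append(f"{target}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{target}: group/other writable ({stat.filemode(st.st_mode)})")
    return findings

def audit(sudoers_text, trusted_uids=frozenset({0})):
    """Map each sudo-runnable path to its findings, omitting clean paths."""
    report = {}
    for path in sudo_command_paths(sudoers_text):
        issues = weak_permissions(path, trusted_uids)
        if issues:
            report[path] = issues
    return report

if __name__ == "__main__":
    import tempfile
    script = os.path.join(tempfile.mkdtemp(), "collect.sh")  # constructed sample
    open(script, "w").close()
    os.chmod(script, 0o777)  # deliberately weak mode for the demo
    print(audit(f"svc ALL=(root) NOPASSWD: {script}\n", {os.geteuid()}))
```

On a real host, pass the contents of the sudoers files and leave `trusted_uids` at its default so that anything not owned by root is reported.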

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

BDU:2023-00297
CVE-2023-20043

Affected Products

Cisco Cx Cloud Agent