CVE-2023-20044

HIGH Year: 2023
CVSS v3 Score
7.3
High
Weakness Type
CWE-708
View all →

Vulnerability Description

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device.

Related Vulnerabilities

CVE-2022-33737

HIGH
CVSS:7.5(High)

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password

CWE-7082022

CVE-2024-9633

HIGH
CVSS:7.5(High)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This...

CWE-7082024

CVE-2023-20043

MEDIUM
CVSS:6.7(Medium)

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit t...

CWE-7082023

CVE-2023-29122

MEDIUM
CVSS:6.7(Medium)

Under certain conditions, access to service libraries is granted to account they should not have access to.

CWE-7082023

CVE-2024-41773

MEDIUM
CVSS:6.5(Medium)

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls.

CWE-7082024

CVE-2024-45426

MEDIUM
CVSS:6.5(Medium)

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.

CWE-7082024