Service Library Access Control Bypass in Cisco IOS XE
CVE-2023-29122 Published on November 5, 2024
Incorrect file ownership of privileged service's libraries in Enel X JuiceBox
Under certain conditions, access to service libraries is granted to account they should not have access to.
Vulnerability Analysis
CVE-2023-29122 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Incorrect Ownership Assignment
The software assigns an owner to a resource, but the owner is outside of the intended control sphere. This may allow the resource to be manipulated by actors outside of the intended control sphere.
Products Associated with CVE-2023-29122
Want to know whenever a new CVE is published for Cisco IOS XE? stack.watch will email you.
Affected Versions
Enel X JuiceBox Pro 3.0 22kW Cellular:- Before and including 2.1.1.0_JB3VU096A is affected.
- Before and including 2.1.1.0_JB3VU096A is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.