Privilege Escalation Vulnerability in Cisco AppDynamics PHP Agent
CVE-2023-20274

7.8HIGH

Key Information:

Vendor: Cisco
Status: Cisco Appdynamics
Vendor: CVE Published:; 21 November 2023

Badges

👾 Exploit Exists

Summary

A vulnerability found in the installer script of the Cisco AppDynamics PHP Agent could potentially allow an authenticated, local attacker to gain higher privileges on the affected system. The issue arises from inadequate permissions set by the PHP Agent installer, permitting the modification of objects within the installation directory. An attacker capitalizing on this vulnerability could execute those modified objects with elevated privileges, enabling them to escalate to root access on the device.

Affected Version(s)

Cisco AppDynamics 21.2.7

Cisco AppDynamics 21.2.8

Cisco AppDynamics 21.4.0

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 29, 2024
Vulnerability published
Nov 21, 2023
Vulnerability Reserved
Oct 27, 2022