CVE-2023-20274

7.8HIGH

Key Information

Vendor: Cisco
Status: Cisco Appdynamics
Vendor: CVE Published:; 21 November 2023

Badges

👾 Exploit Exists

Summary

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.

Affected Version(s)

Cisco AppDynamics = 21.2.7

Cisco AppDynamics = 21.2.8

Cisco AppDynamics = 21.4.0

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 29, 2024
Risk change from: 7.8 to: 6.3 - (MEDIUM)
Aug 29, 2024
Vulnerability published.
Nov 21, 2023
Vulnerability Reserved.
Oct 27, 2022

Collectors

NVD DatabaseMitre Database