VDB

CVE-2023-20274

CVE-2023-20274 PUBLISHED CVSS 6.300000190734863 MEDIUM

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.

EPSS 0.02% · 4.5th percentile

Risk Scores

CVSS 3.1
6.300000190734863
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
EPSS Score
0.02%
4.5th percentile

Affected Products

VendorProductVersions
ciscoappdynamics21.2.8, 21.2.7, 21.4.0
CiscoCisco AppDynamics21.2.8, 21.4.10, 21.4.11

Exploit Intelligence

Timeline

  • Nov 21, 2023 CVE Published
  • Nov 22, 2023 EPSS Score
  • Dec 22, 2023 EPSS Score
  • Jan 21, 2024 EPSS Score
  • Feb 20, 2024 EPSS Score
  • Mar 21, 2024 EPSS Score
  • Apr 20, 2024 EPSS Score
  • May 20, 2024 EPSS Score
  • Jun 19, 2024 EPSS Score
  • Jul 19, 2024 EPSS Score
  • Aug 18, 2024 EPSS Score
  • Aug 29, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›