CVE-2023-20274

Summary

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco AppDynamics21.2.7affected
CiscoCisco AppDynamics21.2.8affected
CiscoCisco AppDynamics21.4.0affected
CiscoCisco AppDynamics21.4.10affected
CiscoCisco AppDynamics21.4.11affected
CiscoCisco AppDynamics21.4.2affected
CiscoCisco AppDynamics21.4.3affected
CiscoCisco AppDynamics21.4.4affected
CiscoCisco AppDynamics21.4.5affected
CiscoCisco AppDynamics21.4.6affected
CiscoCisco AppDynamics21.4.7affected
CiscoCisco AppDynamics21.4.8affected
CiscoCisco AppDynamics21.4.9affected
CiscoCisco AppDynamics21.5.0affected
CiscoCisco AppDynamics21.6.0affected
CiscoCisco AppDynamics22.1.0affected
CiscoCisco AppDynamics22.1.1affected
CiscoCisco AppDynamics22.11.0affected
CiscoCisco AppDynamics22.3.0affected
CiscoCisco AppDynamics22.10.0affected
CiscoCisco AppDynamics22.12.0affected
CiscoCisco AppDynamics22.12.1affected
CiscoCisco AppDynamics21.7.0affected
CiscoCisco AppDynamics22.8.0affected
CiscoCisco AppDynamics23.2.0affected
CiscoCisco AppDynamics23.4.0affected

Weaknesses

  • CWE-269: Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References