Main Vulnerability Database Vulnerabilities #VU83237

Permissions, Privileges, and Access Controls in Cisco AppDynamics PHP Agent - CVE-2023-20274

Published: November 17, 2023

Vulnerability identifier: #VU83237

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-20274

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco AppDynamics PHP Agent

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local administrator to escalate privileges on the system.

The vulnerability exists due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory, which leads to security restrictions bypass and privilege escalation.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5

Permissions, Privileges, and Access Controls in Cisco AppDynamics PHP Agent - CVE-2023-20274

Description

Remediation

External links

Please verify you're human