CVE-2023-20274
First published: Tue Nov 21 2023(Updated: )
A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AppDynamics | =21.2.7 | |
| Cisco AppDynamics | =21.2.8 | |
| Cisco AppDynamics | =21.4.0 | |
| Cisco AppDynamics | =21.4.2 | |
| Cisco AppDynamics | =21.4.3 | |
| Cisco AppDynamics | =21.4.4 | |
| Cisco AppDynamics | =21.4.5 | |
| Cisco AppDynamics | =21.4.6 | |
| Cisco AppDynamics | =21.4.7 | |
| Cisco AppDynamics | =21.4.8 | |
| Cisco AppDynamics | =21.4.9 | |
| Cisco AppDynamics | =21.4.10 | |
| Cisco AppDynamics | =21.4.11 | |
| Cisco AppDynamics | =21.5.0 | |
| Cisco AppDynamics | =21.6.0 | |
| Cisco AppDynamics | =21.7.0 | |
| Cisco AppDynamics | =22.1.0 | |
| Cisco AppDynamics | =22.1.1 | |
| Cisco AppDynamics | =22.3.0 | |
| Cisco AppDynamics | =22.8.0 | |
| Cisco AppDynamics | =22.10.0 | |
| Cisco AppDynamics | =22.11.0 | |
| Cisco AppDynamics | =22.12.0 | |
| Cisco AppDynamics | =22.12.1 | |
| Cisco AppDynamics | =23.2.0 | |
| Cisco AppDynamics | =23.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco AppDynamics PHP Agent vulnerability?
The vulnerability ID for this Cisco AppDynamics PHP Agent vulnerability is CVE-2023-20274.
What is the severity level of CVE-2023-20274?
The severity level of CVE-2023-20274 is high.
Which Cisco AppDynamics PHP Agent versions are affected by CVE-2023-20274?
The Cisco AppDynamics PHP Agent versions 21.2.7 to 23.4.0 are affected by CVE-2023-20274.
What is the impact of CVE-2023-20274?
CVE-2023-20274 allows an authenticated, local attacker to elevate privileges on an affected device.
How can I fix the vulnerability CVE-2023-20274 in Cisco AppDynamics PHP Agent?
To fix the vulnerability CVE-2023-20274 in Cisco AppDynamics PHP Agent, update to a version not affected by the vulnerability.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco appdynamics
- version/cisco appdynamics/21.2.7
- version/cisco appdynamics/21.2.8
- version/cisco appdynamics/21.4.0
- version/cisco appdynamics/21.4.2
- version/cisco appdynamics/21.4.3
- version/cisco appdynamics/21.4.4
- version/cisco appdynamics/21.4.5
- version/cisco appdynamics/21.4.6
- version/cisco appdynamics/21.4.7
- version/cisco appdynamics/21.4.8
- version/cisco appdynamics/21.4.9
- version/cisco appdynamics/21.4.10
- version/cisco appdynamics/21.4.11
- version/cisco appdynamics/21.5.0
- version/cisco appdynamics/21.6.0
- version/cisco appdynamics/21.7.0
- version/cisco appdynamics/22.1.0
- version/cisco appdynamics/22.1.1
- version/cisco appdynamics/22.3.0
- version/cisco appdynamics/22.8.0
- version/cisco appdynamics/22.10.0
- version/cisco appdynamics/22.11.0
- version/cisco appdynamics/22.12.0
- version/cisco appdynamics/22.12.1
- version/cisco appdynamics/23.2.0
- version/cisco appdynamics/23.4.0