CVE-2023-20274

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 21, 2023

Updated: Jan 25, 2024

CWE ID 269

Summary

CVE-2023-20274 is a vulnerability affecting the installer script of Cisco AppDynamics PHP Agent. This issue permits an authenticated, local attacker to escalate privileges on a vulnerable device. The root cause is insufficient permissions granted to the PHP Agent Installer on its install directory. An adversary can exploit this flaw by altering objects within the PHP Agent install directory, which runs with equivalent privileges as PHP. Achieving a successful exploitation could enable a less privileged attacker to gain root access on the device.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/srjtco
https://www.cve.org/CVERecord?id=CVE-2023-20274
https://nvd.nist.gov/vuln/detail/CVE-2023-20274

Back to Vulnerability Database

CVE-2023-20274

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations