CVE-2023-20274

Опубликовано: 21 нояб. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 7.8

EPSS Низкий

Описание

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device.

This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:appdynamics:21.2.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.2.8:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.4.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.4.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.4.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.4.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.4.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.4.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.4.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.4.8:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.4.9:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.4.10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.4.11:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.5.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.6.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:21.7.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:22.1.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:22.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:22.3.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:22.8.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:22.10.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:22.11.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:22.12.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:22.12.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:23.2.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:appdynamics:23.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00035

Низкий

6.3 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-269

NVD-CWE-noinfo

CWE-269

Связанные уязвимости

GHSA-9q5m-wxj9-8c2j

CVSS3: 6.3

github

около 2 лет назад

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.

BDU:2023-08136

CVSS3: 6.3

fstec

около 2 лет назад

Уязвимость скрипта установки PHP-агента Cisco AppDynamics PHP Agent, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 10%

0.00035

Низкий

6.3 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-269

NVD-CWE-noinfo

CWE-269