What is CVE-2023-20274?

CVE-2023-20274 is a medium-severity vulnerability in Cisco Appdynamics, classified under Improper Privilege Management. CVSS score: 6.3/10. Published 2023-11-21.

How severe is CVE-2023-20274?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Privilege escalation in Cisco Appdynamics

CVE-2023-20274

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the P…

Vulnerability class: Privilege Escalation

EPSS: 0.000 (4.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L.

Affected products

Cisco Appdynamics — versions 21.2.7, 21.2.8, 21.4.0

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

cisco-sa-appd-php-authpriv-gEBwTvu5

Frequently asked questions

What is CVE-2023-20274?: CVE-2023-20274 is a medium-severity vulnerability in Cisco Appdynamics, classified under Improper Privilege Management. CVSS score: 6.3/10. Published 2023-11-21.
How severe is CVE-2023-20274?: Medium severity. CVSS v3 base score is 6.3 out of 10.