CVE-2023-20274

Name of the Vulnerable Software and Affected Versions Cisco AppDynamics PHP Agent (affected versions not specified)

Description The issue is related to incorrect permission assignment in the installer script of the Cisco AppDynamics PHP Agent. This could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient permissions set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.