Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for appdynamics by cisco

    CVE-2024-20394 (GCVE-0-2024-20394)

    Vulnerability from nvd – Published: 2024-05-15 17:21 – Updated: 2024-08-09 18:33
    VLAI
    Summary
    A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-netvisdos-9zNbsJtK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T18:33:17.627981Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T18:33:27.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-15T17:21:46.986Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-netvisdos-9zNbsJtK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-netvisdos-9zNbsJtK",
            "defects": [
              "CSCwh65251"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20394",
        "datePublished": "2024-05-15T17:21:46.986Z",
        "dateReserved": "2023-11-08T15:08:07.659Z",
        "dateUpdated": "2024-08-09T18:33:27.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20274 (GCVE-0-2023-20274)

    Vulnerability from nvd – Published: 2023-11-21 18:49 – Updated: 2024-08-29 20:01
    VLAI
    Summary
    A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco AppDynamics Affected: 21.2.7
    Affected: 21.2.8
    Affected: 21.4.0
    Affected: 21.4.10
    Affected: 21.4.11
    Affected: 21.4.2
    Affected: 21.4.3
    Affected: 21.4.4
    Affected: 21.4.5
    Affected: 21.4.6
    Affected: 21.4.7
    Affected: 21.4.8
    Affected: 21.4.9
    Affected: 21.5.0
    Affected: 21.6.0
    Affected: 22.1.0
    Affected: 22.1.1
    Affected: 22.11.0
    Affected: 22.3.0
    Affected: 22.10.0
    Affected: 22.12.0
    Affected: 22.12.1
    Affected: 21.7.0
    Affected: 22.8.0
    Affected: 23.2.0
    Affected: 23.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-21T19:47:48.993316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T20:01:10.301Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "21.2.7"
                },
                {
                  "status": "affected",
                  "version": "21.2.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.0"
                },
                {
                  "status": "affected",
                  "version": "21.4.10"
                },
                {
                  "status": "affected",
                  "version": "21.4.11"
                },
                {
                  "status": "affected",
                  "version": "21.4.2"
                },
                {
                  "status": "affected",
                  "version": "21.4.3"
                },
                {
                  "status": "affected",
                  "version": "21.4.4"
                },
                {
                  "status": "affected",
                  "version": "21.4.5"
                },
                {
                  "status": "affected",
                  "version": "21.4.6"
                },
                {
                  "status": "affected",
                  "version": "21.4.7"
                },
                {
                  "status": "affected",
                  "version": "21.4.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.9"
                },
                {
                  "status": "affected",
                  "version": "21.5.0"
                },
                {
                  "status": "affected",
                  "version": "21.6.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.1"
                },
                {
                  "status": "affected",
                  "version": "22.11.0"
                },
                {
                  "status": "affected",
                  "version": "22.3.0"
                },
                {
                  "status": "affected",
                  "version": "22.10.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.1"
                },
                {
                  "status": "affected",
                  "version": "21.7.0"
                },
                {
                  "status": "affected",
                  "version": "22.8.0"
                },
                {
                  "status": "affected",
                  "version": "23.2.0"
                },
                {
                  "status": "affected",
                  "version": "23.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:38.138Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-php-authpriv-gEBwTvu5",
            "defects": [
              "CSCwh65119"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20274",
        "datePublished": "2023-11-21T18:49:52.044Z",
        "dateReserved": "2022-10-27T18:47:50.374Z",
        "dateUpdated": "2024-08-29T20:01:10.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20394 (GCVE-0-2024-20394)

    Vulnerability from cvelistv5 – Published: 2024-05-15 17:21 – Updated: 2024-08-09 18:33
    VLAI
    Summary
    A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-netvisdos-9zNbsJtK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T18:33:17.627981Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T18:33:27.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-15T17:21:46.986Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-netvisdos-9zNbsJtK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-netvisdos-9zNbsJtK",
            "defects": [
              "CSCwh65251"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20394",
        "datePublished": "2024-05-15T17:21:46.986Z",
        "dateReserved": "2023-11-08T15:08:07.659Z",
        "dateUpdated": "2024-08-09T18:33:27.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20274 (GCVE-0-2023-20274)

    Vulnerability from cvelistv5 – Published: 2023-11-21 18:49 – Updated: 2024-08-29 20:01
    VLAI
    Summary
    A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco AppDynamics Affected: 21.2.7
    Affected: 21.2.8
    Affected: 21.4.0
    Affected: 21.4.10
    Affected: 21.4.11
    Affected: 21.4.2
    Affected: 21.4.3
    Affected: 21.4.4
    Affected: 21.4.5
    Affected: 21.4.6
    Affected: 21.4.7
    Affected: 21.4.8
    Affected: 21.4.9
    Affected: 21.5.0
    Affected: 21.6.0
    Affected: 22.1.0
    Affected: 22.1.1
    Affected: 22.11.0
    Affected: 22.3.0
    Affected: 22.10.0
    Affected: 22.12.0
    Affected: 22.12.1
    Affected: 21.7.0
    Affected: 22.8.0
    Affected: 23.2.0
    Affected: 23.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-21T19:47:48.993316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T20:01:10.301Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "21.2.7"
                },
                {
                  "status": "affected",
                  "version": "21.2.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.0"
                },
                {
                  "status": "affected",
                  "version": "21.4.10"
                },
                {
                  "status": "affected",
                  "version": "21.4.11"
                },
                {
                  "status": "affected",
                  "version": "21.4.2"
                },
                {
                  "status": "affected",
                  "version": "21.4.3"
                },
                {
                  "status": "affected",
                  "version": "21.4.4"
                },
                {
                  "status": "affected",
                  "version": "21.4.5"
                },
                {
                  "status": "affected",
                  "version": "21.4.6"
                },
                {
                  "status": "affected",
                  "version": "21.4.7"
                },
                {
                  "status": "affected",
                  "version": "21.4.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.9"
                },
                {
                  "status": "affected",
                  "version": "21.5.0"
                },
                {
                  "status": "affected",
                  "version": "21.6.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.1"
                },
                {
                  "status": "affected",
                  "version": "22.11.0"
                },
                {
                  "status": "affected",
                  "version": "22.3.0"
                },
                {
                  "status": "affected",
                  "version": "22.10.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.1"
                },
                {
                  "status": "affected",
                  "version": "21.7.0"
                },
                {
                  "status": "affected",
                  "version": "22.8.0"
                },
                {
                  "status": "affected",
                  "version": "23.2.0"
                },
                {
                  "status": "affected",
                  "version": "23.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:38.138Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-php-authpriv-gEBwTvu5",
            "defects": [
              "CSCwh65119"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20274",
        "datePublished": "2023-11-21T18:49:52.044Z",
        "dateReserved": "2022-10-27T18:47:50.374Z",
        "dateUpdated": "2024-08-29T20:01:10.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }