Search criteria
4 vulnerabilities found for appdynamics by cisco
CVE-2024-20394 (GCVE-0-2024-20394)
Vulnerability from nvd – Published: 2024-05-15 17:21 – Updated: 2024-08-09 18:33
VLAI?
Summary
A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device.
Severity ?
5.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco AppDynamics |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-appd-netvisdos-9zNbsJtK",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T18:33:17.627981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T18:33:27.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco AppDynamics",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T17:21:46.986Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-appd-netvisdos-9zNbsJtK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
}
],
"source": {
"advisory": "cisco-sa-appd-netvisdos-9zNbsJtK",
"defects": [
"CSCwh65251"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20394",
"datePublished": "2024-05-15T17:21:46.986Z",
"dateReserved": "2023-11-08T15:08:07.659Z",
"dateUpdated": "2024-08-09T18:33:27.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20274 (GCVE-0-2023-20274)
Vulnerability from nvd – Published: 2023-11-21 18:49 – Updated: 2024-08-29 20:01
VLAI?
Summary
A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.
Severity ?
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco AppDynamics |
Affected:
21.2.7
Affected: 21.2.8 Affected: 21.4.0 Affected: 21.4.10 Affected: 21.4.11 Affected: 21.4.2 Affected: 21.4.3 Affected: 21.4.4 Affected: 21.4.5 Affected: 21.4.6 Affected: 21.4.7 Affected: 21.4.8 Affected: 21.4.9 Affected: 21.5.0 Affected: 21.6.0 Affected: 22.1.0 Affected: 22.1.1 Affected: 22.11.0 Affected: 22.3.0 Affected: 22.10.0 Affected: 22.12.0 Affected: 22.12.1 Affected: 21.7.0 Affected: 22.8.0 Affected: 23.2.0 Affected: 23.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-21T19:47:48.993316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:01:10.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco AppDynamics",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "21.2.7"
},
{
"status": "affected",
"version": "21.2.8"
},
{
"status": "affected",
"version": "21.4.0"
},
{
"status": "affected",
"version": "21.4.10"
},
{
"status": "affected",
"version": "21.4.11"
},
{
"status": "affected",
"version": "21.4.2"
},
{
"status": "affected",
"version": "21.4.3"
},
{
"status": "affected",
"version": "21.4.4"
},
{
"status": "affected",
"version": "21.4.5"
},
{
"status": "affected",
"version": "21.4.6"
},
{
"status": "affected",
"version": "21.4.7"
},
{
"status": "affected",
"version": "21.4.8"
},
{
"status": "affected",
"version": "21.4.9"
},
{
"status": "affected",
"version": "21.5.0"
},
{
"status": "affected",
"version": "21.6.0"
},
{
"status": "affected",
"version": "22.1.0"
},
{
"status": "affected",
"version": "22.1.1"
},
{
"status": "affected",
"version": "22.11.0"
},
{
"status": "affected",
"version": "22.3.0"
},
{
"status": "affected",
"version": "22.10.0"
},
{
"status": "affected",
"version": "22.12.0"
},
{
"status": "affected",
"version": "22.12.1"
},
{
"status": "affected",
"version": "21.7.0"
},
{
"status": "affected",
"version": "22.8.0"
},
{
"status": "affected",
"version": "23.2.0"
},
{
"status": "affected",
"version": "23.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:38.138Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
}
],
"source": {
"advisory": "cisco-sa-appd-php-authpriv-gEBwTvu5",
"defects": [
"CSCwh65119"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20274",
"datePublished": "2023-11-21T18:49:52.044Z",
"dateReserved": "2022-10-27T18:47:50.374Z",
"dateUpdated": "2024-08-29T20:01:10.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20394 (GCVE-0-2024-20394)
Vulnerability from cvelistv5 – Published: 2024-05-15 17:21 – Updated: 2024-08-09 18:33
VLAI?
Summary
A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device.
Severity ?
5.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco AppDynamics |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-appd-netvisdos-9zNbsJtK",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T18:33:17.627981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T18:33:27.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco AppDynamics",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T17:21:46.986Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-appd-netvisdos-9zNbsJtK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
}
],
"source": {
"advisory": "cisco-sa-appd-netvisdos-9zNbsJtK",
"defects": [
"CSCwh65251"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20394",
"datePublished": "2024-05-15T17:21:46.986Z",
"dateReserved": "2023-11-08T15:08:07.659Z",
"dateUpdated": "2024-08-09T18:33:27.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20274 (GCVE-0-2023-20274)
Vulnerability from cvelistv5 – Published: 2023-11-21 18:49 – Updated: 2024-08-29 20:01
VLAI?
Summary
A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.
Severity ?
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco AppDynamics |
Affected:
21.2.7
Affected: 21.2.8 Affected: 21.4.0 Affected: 21.4.10 Affected: 21.4.11 Affected: 21.4.2 Affected: 21.4.3 Affected: 21.4.4 Affected: 21.4.5 Affected: 21.4.6 Affected: 21.4.7 Affected: 21.4.8 Affected: 21.4.9 Affected: 21.5.0 Affected: 21.6.0 Affected: 22.1.0 Affected: 22.1.1 Affected: 22.11.0 Affected: 22.3.0 Affected: 22.10.0 Affected: 22.12.0 Affected: 22.12.1 Affected: 21.7.0 Affected: 22.8.0 Affected: 23.2.0 Affected: 23.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-21T19:47:48.993316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:01:10.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco AppDynamics",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "21.2.7"
},
{
"status": "affected",
"version": "21.2.8"
},
{
"status": "affected",
"version": "21.4.0"
},
{
"status": "affected",
"version": "21.4.10"
},
{
"status": "affected",
"version": "21.4.11"
},
{
"status": "affected",
"version": "21.4.2"
},
{
"status": "affected",
"version": "21.4.3"
},
{
"status": "affected",
"version": "21.4.4"
},
{
"status": "affected",
"version": "21.4.5"
},
{
"status": "affected",
"version": "21.4.6"
},
{
"status": "affected",
"version": "21.4.7"
},
{
"status": "affected",
"version": "21.4.8"
},
{
"status": "affected",
"version": "21.4.9"
},
{
"status": "affected",
"version": "21.5.0"
},
{
"status": "affected",
"version": "21.6.0"
},
{
"status": "affected",
"version": "22.1.0"
},
{
"status": "affected",
"version": "22.1.1"
},
{
"status": "affected",
"version": "22.11.0"
},
{
"status": "affected",
"version": "22.3.0"
},
{
"status": "affected",
"version": "22.10.0"
},
{
"status": "affected",
"version": "22.12.0"
},
{
"status": "affected",
"version": "22.12.1"
},
{
"status": "affected",
"version": "21.7.0"
},
{
"status": "affected",
"version": "22.8.0"
},
{
"status": "affected",
"version": "23.2.0"
},
{
"status": "affected",
"version": "23.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:38.138Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
}
],
"source": {
"advisory": "cisco-sa-appd-php-authpriv-gEBwTvu5",
"defects": [
"CSCwh65119"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20274",
"datePublished": "2023-11-21T18:49:52.044Z",
"dateReserved": "2022-10-27T18:47:50.374Z",
"dateUpdated": "2024-08-29T20:01:10.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}