Analysis Summary

CVE-2023-20084 CVSS: 5.0

Cisco Secure Endpoint for Windows is vulnerable to a denial of service, caused by a timing issue occurs between various software components. By persuading a victim to put and execute a specially crafted file in a specific folder within a limited time window, a local authenticated attacker could exploit this vulnerability to cause the endpoint software to fail to quarantine the malicious file or kill its process.

CVE-2023-20265 CVSS: 5.5

Cisco IP Phone is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-20274 CVSS: 6.3

Cisco AppDynamics PHP Agent could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an insufficient permission issue set by the PHP Agent Installer on the PHP Agent install directory. By modifying objects in the PHP Agent install directory, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root on the system.


  • Cross-Site Scripting
  • Denial of Service
  • Privilege Escalation

Indicators Of Compromise


  • CVE-2023-20084
  • CVE-2023-20265
  • CVE-2023-20274

Affected Vendors


Affected Products

  • Cisco AppDynamics PHP Agent
  • Cisco IP DECT 110 Single-Cell Base Station with Multiplatform Firmware
  • Cisco IP DECT 210 Multi-Cell Base Station with Multiplatform Firmware
  • Cisco Unified SIP Phone 3905
  • Cisco Unified IP Phone 6901
  • Cisco Secure Endpoint Private Cloud
  • Cisco Secure Endpoint Connector for Windows


Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.