CVE-2021-34745: 
vulnerability analysis and mitigation

A vulnerability (CVE-2021-34745) was discovered in the AppDynamics .NET Agent for Windows that could allow an attacker with local access to escalate privileges to SYSTEM level. The vulnerability was disclosed on August 18, 2021, affecting all AppDynamics .NET Agent for Windows releases prior to version 21.7 that were installed with Microsoft Installer (MSI) (AppDynamics Docs).

The vulnerability stems from the .NET Agent Coordinator Service executing code with SYSTEM privileges. The issue allows an authenticated local user to create a custom process that would be launched with SYSTEM privileges. The vulnerability has been assigned a CVSS score of 7.8, indicating a high severity level (AppDynamics Docs).

A successful exploitation of this vulnerability could allow an attacker with local access to execute arbitrary commands on the underlying operating system with SYSTEM privileges. This level of access would give the attacker complete control over the affected system (AppDynamics Docs).

AppDynamics has released a software update (version 21.7) that addresses this vulnerability. No workarounds are available, and users are advised to upgrade to the fixed version available from the AppDynamics Download Portal. The .NET Agent for Linux and the .NET Microservices Agent are not affected by this vulnerability (AppDynamics Docs).