CVE-2020-9667

Опубликовано: 16 апр. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 6.9

EPSS Низкий

Описание

Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.

Ссылки

https://helpx.adobe.com/security/products/integrity_service/apsb20-42.html
Vendor Advisory
https://helpx.adobe.com/security/products/integrity_service/apsb20-42.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:adobe:genuine_service:*:*:*:*:*:*:*:*

Версия до 6.6 (включая)

Одно из

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00076

Низкий

6.5 Medium

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-fgmp-r99f-p6j4

github

больше 3 лет назад

Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.

BDU:2021-04929