Adobe Creative Cloud < 5.4 Multiple Vulnerabilities (APSB21-18)

medium Nessus Plugin ID 147421

Synopsis

The Adobe Creative Cloud instance installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Adobe Creative Cloud installed on the remote Windows host is prior to 5.4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-18 advisory.

- Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. (CVE-2021-21069)

- Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction (CVE-2021-21078)

- Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction. (CVE-2021-21068)

- Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority. (CVE-2021-28547)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Adobe Creative Cloud version 5.4 or later.

See Also

http://www.nessus.org/u?5e798cb5

Plugin Details

Severity: Medium

ID: 147421

File Name: adobe_creative_cloud_apsb21-18.nasl

Version: 1.8

Type: local

Agent: windows

Family: Misc.

Published: 3/10/2021

Updated: 11/20/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-21069

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2021-21078

Vulnerability Information

CPE: cpe:/a:adobe:creative_cloud

Required KB Items: SMB/Registry/Enumerated, installed_sw/Creative Cloud

Exploit Ease: No known exploits are available

Patch Publication Date: 3/10/2021

Vulnerability Publication Date: 3/10/2021

Reference Information

CVE: CVE-2021-21068, CVE-2021-21069, CVE-2021-21078, CVE-2021-28547

IAVA: 2021-A-0124-S