CVE-2020-9713

2022-02-25T08:30:05

Description

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

{"id": "CVE-2020-9713", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-9713", "description": "This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", "published": "2022-02-25T08:30:05", "modified": "2022-02-25T08:30:05", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "candidate", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2022-02-25T08:30:05", "viewCount": 12, "enchantments": {"backreferences": {"references": [{"type": "adobe", "idList": ["APSB20-48"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0793"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB20-48.NASL", "ADOBE_READER_APSB20-48.NASL", "MACOS_ADOBE_ACROBAT_APSB20-48.NASL", "MACOS_ADOBE_READER_APSB20-48.NASL"]}]}, "score": {"value": 1.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "adobe", "idList": ["APSB20-48"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0793"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB20-48.NASL", "ADOBE_READER_APSB20-48.NASL", "MACOS_ADOBE_ACROBAT_APSB20-48.NASL", "MACOS_ADOBE_READER_APSB20-48.NASL"]}], "rev": 4}, "vulnersScore": 1.5}, "_state": {"dependencies": 1647589307, "score": 1659757587, "epss": 1679179052}, "_internal": {}, "cpe": [], "cpe23": [], "cwe": [], "affectedSoftware": [], "affectedConfiguration": [], "cpeConfiguration": {}, "extraReferences": [], "product_info": []}

{"checkpoint_advisories": [{"lastseen": "2022-02-16T19:38:13", "description": "A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage users system.", "cvss3": {}, "published": "2020-08-16T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Invalid Memory Access (APSB20-48: CVE-2020-9713)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-9713"], "modified": "2020-08-16T00:00:00", "id": "CPAI-2020-0793", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "adobe": [{"lastseen": "2022-10-21T17:04:09", "description": "Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address [critical]() and [important]() vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-11T00:00:00", "type": "adobe", "title": "APSB20-48 Security Updates available for Adobe Acrobat and Reader", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9693", "CVE-2020-9694", "CVE-2020-9695", "CVE-2020-9696", "CVE-2020-9697", "CVE-2020-9698", "CVE-2020-9699", "CVE-2020-9700", "CVE-2020-9701", "CVE-2020-9702", "CVE-2020-9703", "CVE-2020-9704", "CVE-2020-9705", "CVE-2020-9706", "CVE-2020-9707", "CVE-2020-9710", "CVE-2020-9711", "CVE-2020-9712", "CVE-2020-9713", "CVE-2020-9714", "CVE-2020-9715", "CVE-2020-9716", "CVE-2020-9717", "CVE-2020-9718", "CVE-2020-9719", "CVE-2020-9720", "CVE-2020-9721", "CVE-2020-9722", "CVE-2020-9723"], "modified": "2020-08-11T00:00:00", "id": "APSB20-48", "href": "https://helpx.adobe.com/security/products/acrobat/apsb20-48.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T15:18:32", "description": "The version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2015.006.30523, 2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Disclosure of Sensitive Data potentially leading to Memory Leak (CVE-2020-9697)\n\n - Security bypass potentially leading to Privilege Escalation (CVE-2020-9714)\n\n - Out-of-bounds write potentially leading to Arbitrary Code Execution (CVE-2020-9693, CVE-2020-9694)\n\n - Security bypass potentially leading to Security feature bypass (CVE-2020-9696, CVE-2020-9712)\n\n - Stack exhaustion potentially leading to Application denial-of-service (CVE-2020-9702, CVE-2020-9703)\n\n - Out-of-bounds read potentially leading to Information disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710, CVE-2020-9716, CVE-2020-9717, CVE-2020-9718, CVE-2020-9719, CVE-2020-9720, CVE-2020-9721, CVE-2020-9723)\n\n - Buffer error potentially leading to Arbitrary Code Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700, CVE-2020-9701, CVE-2020-9704)\n\n - Use-after-free potentially leading to Arbitrary Code Execution (CVE-2020-9715, CVE-2020-9722)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-14T00:00:00", "type": "nessus", "title": "Adobe Acrobat <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9693", "CVE-2020-9694", "CVE-2020-9695", "CVE-2020-9696", "CVE-2020-9697", "CVE-2020-9698", "CVE-2020-9699", "CVE-2020-9700", "CVE-2020-9701", "CVE-2020-9702", "CVE-2020-9703", "CVE-2020-9704", "CVE-2020-9705", "CVE-2020-9706", "CVE-2020-9707", "CVE-2020-9710", "CVE-2020-9711", "CVE-2020-9712", "CVE-2020-9713", "CVE-2020-9714", "CVE-2020-9715", "CVE-2020-9716", "CVE-2020-9717", "CVE-2020-9718", "CVE-2020-9719", "CVE-2020-9720", "CVE-2020-9721", "CVE-2020-9722", "CVE-2020-9723"], "modified": "2021-03-26T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB20-48.NASL", "href": "https://www.tenable.com/plugins/nessus/139580", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139580);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/26\");\n\n script_cve_id(\n \"CVE-2020-9693\",\n \"CVE-2020-9694\",\n \"CVE-2020-9695\",\n \"CVE-2020-9696\",\n \"CVE-2020-9697\",\n \"CVE-2020-9698\",\n \"CVE-2020-9699\",\n \"CVE-2020-9700\",\n \"CVE-2020-9701\",\n \"CVE-2020-9702\",\n \"CVE-2020-9703\",\n \"CVE-2020-9704\",\n \"CVE-2020-9705\",\n \"CVE-2020-9706\",\n \"CVE-2020-9707\",\n \"CVE-2020-9710\",\n \"CVE-2020-9711\",\n \"CVE-2020-9712\",\n \"CVE-2020-9713\",\n \"CVE-2020-9714\",\n \"CVE-2020-9715\",\n \"CVE-2020-9716\",\n \"CVE-2020-9717\",\n \"CVE-2020-9718\",\n \"CVE-2020-9719\",\n \"CVE-2020-9720\",\n \"CVE-2020-9721\",\n \"CVE-2020-9722\",\n \"CVE-2020-9723\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0363-S\");\n\n script_name(english:\"Adobe Acrobat <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2015.006.30523,\n2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Disclosure of Sensitive Data potentially leading to\n Memory Leak (CVE-2020-9697)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2020-9714)\n\n - Out-of-bounds write potentially leading to Arbitrary\n Code Execution (CVE-2020-9693, CVE-2020-9694)\n\n - Security bypass potentially leading to Security feature\n bypass (CVE-2020-9696, CVE-2020-9712)\n\n - Stack exhaustion potentially leading to Application\n denial-of-service (CVE-2020-9702, CVE-2020-9703)\n\n - Out-of-bounds read potentially leading to Information\n disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707,\n CVE-2020-9710, CVE-2020-9716, CVE-2020-9717,\n CVE-2020-9718, CVE-2020-9719, CVE-2020-9720,\n CVE-2020-9721, CVE-2020-9723)\n\n - Buffer error potentially leading to Arbitrary Code\n Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700,\n CVE-2020-9701, CVE-2020-9704)\n\n - Use-after-free potentially leading to Arbitrary Code\n Execution (CVE-2020-9715, CVE-2020-9722)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 2015.006.30527 or 2017.011.30175 or 2020.001.30005 or 2020.012.20041 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Adobe Acrobat', win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.6', 'max_version' : '15.006.30523', 'fixed_version' : '15.006.30527' },\n { 'min_version' : '15.7', 'max_version' : '20.009.20074', 'fixed_version' : '20.012.20041' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30171', 'fixed_version' : '17.011.30175' },\n { 'min_version' : '20.0', 'max_version' : '20.001.30002', 'fixed_version' : '20.001.30005' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:19:11", "description": "The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30523, 2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Disclosure of Sensitive Data potentially leading to Memory Leak (CVE-2020-9697)\n\n - Security bypass potentially leading to Privilege Escalation (CVE-2020-9714)\n\n - Out-of-bounds write potentially leading to Arbitrary Code Execution (CVE-2020-9693, CVE-2020-9694)\n\n - Security bypass potentially leading to Security feature bypass (CVE-2020-9696, CVE-2020-9712)\n\n - Stack exhaustion potentially leading to Application denial-of-service (CVE-2020-9702, CVE-2020-9703)\n\n - Out-of-bounds read potentially leading to Information disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710, CVE-2020-9716, CVE-2020-9717, CVE-2020-9718, CVE-2020-9719, CVE-2020-9720, CVE-2020-9721, CVE-2020-9723)\n\n - Buffer error potentially leading to Arbitrary Code Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700, CVE-2020-9701, CVE-2020-9704)\n\n - Use-after-free potentially leading to Arbitrary Code Execution (CVE-2020-9715, CVE-2020-9722)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-14T00:00:00", "type": "nessus", "title": "Adobe Reader <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9693", "CVE-2020-9694", "CVE-2020-9695", "CVE-2020-9696", "CVE-2020-9697", "CVE-2020-9698", "CVE-2020-9699", "CVE-2020-9700", "CVE-2020-9701", "CVE-2020-9702", "CVE-2020-9703", "CVE-2020-9704", "CVE-2020-9705", "CVE-2020-9706", "CVE-2020-9707", "CVE-2020-9710", "CVE-2020-9711", "CVE-2020-9712", "CVE-2020-9713", "CVE-2020-9714", "CVE-2020-9715", "CVE-2020-9716", "CVE-2020-9717", "CVE-2020-9718", "CVE-2020-9719", "CVE-2020-9720", "CVE-2020-9721", "CVE-2020-9722", "CVE-2020-9723"], "modified": "2021-03-26T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB20-48.NASL", "href": "https://www.tenable.com/plugins/nessus/139581", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139581);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/26\");\n\n script_cve_id(\n \"CVE-2020-9693\",\n \"CVE-2020-9694\",\n \"CVE-2020-9695\",\n \"CVE-2020-9696\",\n \"CVE-2020-9697\",\n \"CVE-2020-9698\",\n \"CVE-2020-9699\",\n \"CVE-2020-9700\",\n \"CVE-2020-9701\",\n \"CVE-2020-9702\",\n \"CVE-2020-9703\",\n \"CVE-2020-9704\",\n \"CVE-2020-9705\",\n \"CVE-2020-9706\",\n \"CVE-2020-9707\",\n \"CVE-2020-9710\",\n \"CVE-2020-9711\",\n \"CVE-2020-9712\",\n \"CVE-2020-9713\",\n \"CVE-2020-9714\",\n \"CVE-2020-9715\",\n \"CVE-2020-9716\",\n \"CVE-2020-9717\",\n \"CVE-2020-9718\",\n \"CVE-2020-9719\",\n \"CVE-2020-9720\",\n \"CVE-2020-9721\",\n \"CVE-2020-9722\",\n \"CVE-2020-9723\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0363-S\");\n\n script_name(english:\"Adobe Reader <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30523,\n2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Disclosure of Sensitive Data potentially leading to\n Memory Leak (CVE-2020-9697)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2020-9714)\n\n - Out-of-bounds write potentially leading to Arbitrary\n Code Execution (CVE-2020-9693, CVE-2020-9694)\n\n - Security bypass potentially leading to Security feature\n bypass (CVE-2020-9696, CVE-2020-9712)\n\n - Stack exhaustion potentially leading to Application\n denial-of-service (CVE-2020-9702, CVE-2020-9703)\n\n - Out-of-bounds read potentially leading to Information\n disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707,\n CVE-2020-9710, CVE-2020-9716, CVE-2020-9717,\n CVE-2020-9718, CVE-2020-9719, CVE-2020-9720,\n CVE-2020-9721, CVE-2020-9723)\n\n - Buffer error potentially leading to Arbitrary Code\n Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700,\n CVE-2020-9701, CVE-2020-9704)\n\n - Use-after-free potentially leading to Arbitrary Code\n Execution (CVE-2020-9715, CVE-2020-9722)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 2015.006.30527 or 2017.011.30175 or 2020.001.30005 or 2020.012.20041 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Adobe Reader', win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.6', 'max_version' : '15.006.30523', 'fixed_version' : '15.006.30527' },\n { 'min_version' : '15.7', 'max_version' : '20.009.20074', 'fixed_version' : '20.012.20041' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30171', 'fixed_version' : '17.011.30175' },\n { 'min_version' : '20.0', 'max_version' : '20.001.30002', 'fixed_version' : '20.001.30005' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:31", "description": "The version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2015.006.30523, 2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Disclosure of Sensitive Data potentially leading to Memory Leak (CVE-2020-9697)\n\n - Security bypass potentially leading to Privilege Escalation (CVE-2020-9714)\n\n - Out-of-bounds write potentially leading to Arbitrary Code Execution (CVE-2020-9693, CVE-2020-9694)\n\n - Security bypass potentially leading to Security feature bypass (CVE-2020-9696, CVE-2020-9712)\n\n - Stack exhaustion potentially leading to Application denial-of-service (CVE-2020-9702, CVE-2020-9703)\n\n - Out-of-bounds read potentially leading to Information disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710, CVE-2020-9716, CVE-2020-9717, CVE-2020-9718, CVE-2020-9719, CVE-2020-9720, CVE-2020-9721, CVE-2020-9723)\n\n - Buffer error potentially leading to Arbitrary Code Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700, CVE-2020-9701, CVE-2020-9704)\n\n - Use-after-free potentially leading to Arbitrary Code Execution (CVE-2020-9715, CVE-2020-9722)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-14T00:00:00", "type": "nessus", "title": "Adobe Reader <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48) (macOS)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9693", "CVE-2020-9694", "CVE-2020-9695", "CVE-2020-9696", "CVE-2020-9697", "CVE-2020-9698", "CVE-2020-9699", "CVE-2020-9700", "CVE-2020-9701", "CVE-2020-9702", "CVE-2020-9703", "CVE-2020-9704", "CVE-2020-9705", "CVE-2020-9706", "CVE-2020-9707", "CVE-2020-9710", "CVE-2020-9711", "CVE-2020-9712", "CVE-2020-9713", "CVE-2020-9714", "CVE-2020-9715", "CVE-2020-9716", "CVE-2020-9717", "CVE-2020-9718", "CVE-2020-9719", "CVE-2020-9720", "CVE-2020-9721", "CVE-2020-9722", "CVE-2020-9723"], "modified": "2021-03-26T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOS_ADOBE_READER_APSB20-48.NASL", "href": "https://www.tenable.com/plugins/nessus/139579", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139579);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/26\");\n\n script_cve_id(\n \"CVE-2020-9693\",\n \"CVE-2020-9694\",\n \"CVE-2020-9695\",\n \"CVE-2020-9696\",\n \"CVE-2020-9697\",\n \"CVE-2020-9698\",\n \"CVE-2020-9699\",\n \"CVE-2020-9700\",\n \"CVE-2020-9701\",\n \"CVE-2020-9702\",\n \"CVE-2020-9703\",\n \"CVE-2020-9704\",\n \"CVE-2020-9705\",\n \"CVE-2020-9706\",\n \"CVE-2020-9707\",\n \"CVE-2020-9710\",\n \"CVE-2020-9711\",\n \"CVE-2020-9712\",\n \"CVE-2020-9713\",\n \"CVE-2020-9714\",\n \"CVE-2020-9715\",\n \"CVE-2020-9716\",\n \"CVE-2020-9717\",\n \"CVE-2020-9718\",\n \"CVE-2020-9719\",\n \"CVE-2020-9720\",\n \"CVE-2020-9721\",\n \"CVE-2020-9722\",\n \"CVE-2020-9723\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0363-S\");\n\n script_name(english:\"Adobe Reader <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote macOS host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2015.006.30523,\n2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Disclosure of Sensitive Data potentially leading to\n Memory Leak (CVE-2020-9697)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2020-9714)\n\n - Out-of-bounds write potentially leading to Arbitrary\n Code Execution (CVE-2020-9693, CVE-2020-9694)\n\n - Security bypass potentially leading to Security feature\n bypass (CVE-2020-9696, CVE-2020-9712)\n\n - Stack exhaustion potentially leading to Application\n denial-of-service (CVE-2020-9702, CVE-2020-9703)\n\n - Out-of-bounds read potentially leading to Information\n disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707,\n CVE-2020-9710, CVE-2020-9716, CVE-2020-9717,\n CVE-2020-9718, CVE-2020-9719, CVE-2020-9720,\n CVE-2020-9721, CVE-2020-9723)\n\n - Buffer error potentially leading to Arbitrary Code\n Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700,\n CVE-2020-9701, CVE-2020-9704)\n\n - Use-after-free potentially leading to Arbitrary Code\n Execution (CVE-2020-9715, CVE-2020-9722)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 2015.006.30527 or 2017.011.30175 or 2020.001.30005 or 2020.012.20041 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');\n\napp_info = vcf::get_app_info(app:'Adobe Reader');\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.6', 'max_version' : '15.006.30523', 'fixed_version' : '15.006.30527' },\n { 'min_version' : '15.7', 'max_version' : '20.009.20074', 'fixed_version' : '20.012.20041' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30171', 'fixed_version' : '17.011.30175' },\n { 'min_version' : '20.0', 'max_version' : '20.001.30002', 'fixed_version' : '20.001.30005' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:13", "description": "The version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2015.006.30523, 2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Disclosure of Sensitive Data potentially leading to Memory Leak (CVE-2020-9697)\n\n - Security bypass potentially leading to Privilege Escalation (CVE-2020-9714)\n\n - Out-of-bounds write potentially leading to Arbitrary Code Execution (CVE-2020-9693, CVE-2020-9694)\n\n - Security bypass potentially leading to Security feature bypass (CVE-2020-9696, CVE-2020-9712)\n\n - Stack exhaustion potentially leading to Application denial-of-service (CVE-2020-9702, CVE-2020-9703)\n\n - Out-of-bounds read potentially leading to Information disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710, CVE-2020-9716, CVE-2020-9717, CVE-2020-9718, CVE-2020-9719, CVE-2020-9720, CVE-2020-9721, CVE-2020-9723)\n\n - Buffer error potentially leading to Arbitrary Code Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700, CVE-2020-9701, CVE-2020-9704)\n\n - Use-after-free potentially leading to Arbitrary Code Execution (CVE-2020-9715, CVE-2020-9722)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-14T00:00:00", "type": "nessus", "title": "Adobe Acrobat <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48) (macOS)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9693", "CVE-2020-9694", "CVE-2020-9695", "CVE-2020-9696", "CVE-2020-9697", "CVE-2020-9698", "CVE-2020-9699", "CVE-2020-9700", "CVE-2020-9701", "CVE-2020-9702", "CVE-2020-9703", "CVE-2020-9704", "CVE-2020-9705", "CVE-2020-9706", "CVE-2020-9707", "CVE-2020-9710", "CVE-2020-9711", "CVE-2020-9712", "CVE-2020-9713", "CVE-2020-9714", "CVE-2020-9715", "CVE-2020-9716", "CVE-2020-9717", "CVE-2020-9718", "CVE-2020-9719", "CVE-2020-9720", "CVE-2020-9721", "CVE-2020-9722", "CVE-2020-9723"], "modified": "2021-03-26T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOS_ADOBE_ACROBAT_APSB20-48.NASL", "href": "https://www.tenable.com/plugins/nessus/139578", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139578);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/26\");\n\n script_cve_id(\n \"CVE-2020-9693\",\n \"CVE-2020-9694\",\n \"CVE-2020-9695\",\n \"CVE-2020-9696\",\n \"CVE-2020-9697\",\n \"CVE-2020-9698\",\n \"CVE-2020-9699\",\n \"CVE-2020-9700\",\n \"CVE-2020-9701\",\n \"CVE-2020-9702\",\n \"CVE-2020-9703\",\n \"CVE-2020-9704\",\n \"CVE-2020-9705\",\n \"CVE-2020-9706\",\n \"CVE-2020-9707\",\n \"CVE-2020-9710\",\n \"CVE-2020-9711\",\n \"CVE-2020-9712\",\n \"CVE-2020-9713\",\n \"CVE-2020-9714\",\n \"CVE-2020-9715\",\n \"CVE-2020-9716\",\n \"CVE-2020-9717\",\n \"CVE-2020-9718\",\n \"CVE-2020-9719\",\n \"CVE-2020-9720\",\n \"CVE-2020-9721\",\n \"CVE-2020-9722\",\n \"CVE-2020-9723\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0363-S\");\n\n script_name(english:\"Adobe Acrobat <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2015.006.30523,\n2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Disclosure of Sensitive Data potentially leading to\n Memory Leak (CVE-2020-9697)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2020-9714)\n\n - Out-of-bounds write potentially leading to Arbitrary\n Code Execution (CVE-2020-9693, CVE-2020-9694)\n\n - Security bypass potentially leading to Security feature\n bypass (CVE-2020-9696, CVE-2020-9712)\n\n - Stack exhaustion potentially leading to Application\n denial-of-service (CVE-2020-9702, CVE-2020-9703)\n\n - Out-of-bounds read potentially leading to Information\n disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707,\n CVE-2020-9710, CVE-2020-9716, CVE-2020-9717,\n CVE-2020-9718, CVE-2020-9719, CVE-2020-9720,\n CVE-2020-9721, CVE-2020-9723)\n\n - Buffer error potentially leading to Arbitrary Code\n Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700,\n CVE-2020-9701, CVE-2020-9704)\n\n - Use-after-free potentially leading to Arbitrary Code\n Execution (CVE-2020-9715, CVE-2020-9722)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 2015.006.30527 or 2017.011.30175 or 2020.001.30005 or 2020.012.20041 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');\n\napp_info = vcf::get_app_info(app:'Adobe Acrobat');\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.6', 'max_version' : '15.006.30523', 'fixed_version' : '15.006.30527' },\n { 'min_version' : '15.7', 'max_version' : '20.009.20074', 'fixed_version' : '20.012.20041' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30171', 'fixed_version' : '17.011.30175' },\n { 'min_version' : '20.0', 'max_version' : '20.001.30002', 'fixed_version' : '20.001.30005' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}

CVE-2020-9713

Description

Related