Description
Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user.
Affected Software
Related
{"id": "CVE-2021-28568", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-28568", "description": "Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user.", "published": "2021-09-08T17:15:00", "modified": "2022-04-25T18:16:00", "epss": [{"cve": "CVE-2021-28568", "epss": 0.00049, "percentile": 0.1628, "modified": "2023-05-27"}], "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 6.9}, "severity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.6, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28568", "reporter": "psirt@adobe.com", "references": ["https://helpx.adobe.com/security/products/integrity_service/apsb21-27.html"], "cvelist": ["CVE-2021-28568"], "immutableFields": [], "lastseen": "2023-05-27T14:35:42", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "adobe", "idList": ["APSB21-27"]}, {"type": "cnvd", "idList": ["CNVD-2021-74105"]}]}, "score": {"value": 5.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "adobe", "idList": ["APSB21-27"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "adobe genuine service", "version": 7}]}, "epss": [{"cve": "CVE-2021-28568", "epss": 0.00049, "percentile": 0.16225, "modified": "2023-05-06"}], "vulnersScore": 5.1}, "_state": {"dependencies": 1685214608, "score": 1685200094, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "3db0f97f729f9685bfe78cbdb2dc605d"}, "cna_cvss": {"cna": "Adobe Systems Incorporated", "cvss": {"3": {"vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "score": 5.8}}}, "cpe": ["cpe:/a:adobe:genuine_service:7.1"], "cpe23": ["cpe:2.3:a:adobe:genuine_service:7.1:*:*:*:*:*:*:*"], "cwe": ["CWE-668"], "affectedSoftware": [{"cpeName": "adobe:genuine_service", "version": "7.1", "operator": "le", "name": "adobe genuine service"}], "affectedConfiguration": [{"name": "apple macos", "cpeName": "apple:macos", "version": "-", "operator": "eq"}, {"name": "microsoft windows", "cpeName": "microsoft:windows", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:adobe:genuine_service:7.1:*:*:*:*:*:*:*", "versionEndIncluding": "7.1", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://helpx.adobe.com/security/products/integrity_service/apsb21-27.html", "name": "https://helpx.adobe.com/security/products/integrity_service/apsb21-27.html", "refsource": "MISC", "tags": ["Vendor Advisory"]}], "product_info": [{"vendor": "Adobe", "product": "GoCart"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-379", "description": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)", "lang": "en", "type": "CWE"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}
{"prion": [{"lastseen": "2023-08-16T02:56:43", "description": "Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user.", "cvss3": {"exploitabilityScore": 0.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-08T17:15:00", "type": "prion", "title": "Adobe Genuine Services insecure file permission could lead to privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28568"], "modified": "2022-04-25T18:16:00", "id": "PRION:CVE-2021-28568", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-28568", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "adobe": [{"lastseen": "2021-11-27T02:46:03", "description": "Adobe has released updates for the Adobe Genuine Service for Windows and macOS. This update resolves an [important]() vulnerability that could lead to privilege escalation in the context of the current user. \n", "cvss3": {"exploitabilityScore": 0.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T00:00:00", "type": "adobe", "title": "APSB21-27 Security\u202fupdate available\u202ffor Adobe Genuine Service", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28568"], "modified": "2021-05-11T00:00:00", "id": "APSB21-27", "href": "https://helpx.adobe.com/security/products/integrity_service/apsb21-27.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "cnvd": [{"lastseen": "2022-11-05T09:31:32", "description": "Adobe Genuine Software Service is a legitimate software service from Adobe, which is vulnerable to an access control error that could be exploited by a locally authenticated attacker to achieve elevation of privilege in the context of the current user.", "cvss3": {"exploitabilityScore": 0.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-11T00:00:00", "type": "cnvd", "title": "Adobe Genuine Software Service Access Control Error Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28568"], "modified": "2021-09-27T00:00:00", "id": "CNVD-2021-74105", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-74105", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}
CVE-2021-28568
