Lucene search

K
cvelistAdobeCVELIST:CVE-2021-39828
HistorySep 14, 2021 - 12:00 a.m.

CVE-2021-39828 Adobe Digital Editions Installer flaw leads to Local Privilege Escalation

2021-09-1400:00:00
CWE-379
adobe
www.cve.org

5.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.7%

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.

CNA Affected

[
  {
    "product": "Digital Editions",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "4.5.11.187646",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

5.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.7%

Related for CVELIST:CVE-2021-39828