Lucene search

K
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.ADOBE_BRIDGE_APSB20-19.NASL
HistoryMar 10, 2021 - 12:00 a.m.

Adobe Bridge 10.x < 10.0.4 Multiple Vulnerabilities (APSB20-19)

2021-03-1000:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

83.8%

The version of Adobe Bridge installed on the remote Windows host is prior to 10.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb20-19 advisory.

  • Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. (CVE-2020-9553, CVE-2020-9557, CVE-2020-9558)

  • Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . (CVE-2020-9554, CVE-2020-9556, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569)

  • Adobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability.
    Successful exploitation could lead to arbitrary code execution. (CVE-2020-9555)

  • Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2020-9562, CVE-2020-9563)

  • Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . (CVE-2020-9566, CVE-2020-9567)

  • Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . (CVE-2020-9568)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(147411);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/11");

  script_cve_id(
    "CVE-2020-9553",
    "CVE-2020-9554",
    "CVE-2020-9555",
    "CVE-2020-9556",
    "CVE-2020-9557",
    "CVE-2020-9558",
    "CVE-2020-9559",
    "CVE-2020-9560",
    "CVE-2020-9561",
    "CVE-2020-9562",
    "CVE-2020-9563",
    "CVE-2020-9564",
    "CVE-2020-9565",
    "CVE-2020-9566",
    "CVE-2020-9567",
    "CVE-2020-9568",
    "CVE-2020-9569"
  );

  script_name(english:"Adobe Bridge 10.x < 10.0.4 Multiple Vulnerabilities (APSB20-19)");

  script_set_attribute(attribute:"synopsis", value:
"Adobe Bridge installed on remote Windows host is affected by a multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Bridge installed on the remote Windows host is prior to 10.0.4. It is, therefore, affected by
multiple vulnerabilities as referenced in the apsb20-19 advisory.

  - Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful
    exploitation could lead to information disclosure. (CVE-2020-9553, CVE-2020-9557, CVE-2020-9558)

  - Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful
    exploitation could lead to arbitrary code execution . (CVE-2020-9554, CVE-2020-9556, CVE-2020-9559,
    CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569)

  - Adobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability.
    Successful exploitation could lead to arbitrary code execution. (CVE-2020-9555)

  - Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful
    exploitation could lead to arbitrary code execution. (CVE-2020-9562, CVE-2020-9563)

  - Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful
    exploitation could lead to arbitrary code execution . (CVE-2020-9566, CVE-2020-9567)

  - Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful
    exploitation could lead to arbitrary code execution . (CVE-2020-9568)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/bridge/apsb20-19.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Bridge version 10.0.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-9569");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:bridge");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("adobe_bridge_installed.nasl");
  script_require_keys("installed_sw/Adobe Bridge", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');

get_kb_item_or_exit('SMB/Registry/Enumerated');

app_info = vcf::get_app_info(app:'Adobe Bridge', win_local:TRUE);

constraints = [
  { 'min_version' : '10.0.0', 'max_version' : '10.0.1', 'fixed_version' : '10.0.4' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
adobebridgecpe:/a:adobe:bridge

References

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

83.8%