Lucene search
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ADOBE_LIGHTROOM_CLASSIC_APSB20-74.NASLHistoryDec 10, 2020 - 12:00 a.m.
Adobe Lightroom Classic < 10.1 Arbitrary Code Execution (APSB20-74)
2020-12-1000:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
The version of Adobe Lightroom Classic installed on the remote Windows host is prior to 10.1. It is, therefore, affected by an uncontrolled search path element vulnerability. Successful exploitation could lead to a arbitrary code execution on an affected host.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version
##
# (C) Tenable Network Security, Inc.
##
include('compat.inc');
if (description)
{
script_id(144052);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/01/26");
script_cve_id("CVE-2020-24447");
script_xref(name:"IAVA", value:"2020-A-0569-S");
script_name(english:"Adobe Lightroom Classic < 10.1 Arbitrary Code Execution (APSB20-74)");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is affected by a arbitrary code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Adobe Lightroom Classic installed on the remote Windows host is prior to 10.1. It is, therefore,
affected by an uncontrolled search path element vulnerability. Successful exploitation could lead to a arbitrary code
execution on an affected host.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version");
# https://helpx.adobe.com/security/products/lightroom/apsb20-74.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5e3e4935");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Lightroom Classic 10.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-24447");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/08");
script_set_attribute(attribute:"patch_publication_date", value:"2020/12/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/12/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:lightroom");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("adobe_lightroom_classic_installed.nbin");
script_require_keys("installed_sw/Adobe Lightroom Classic");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
app_info = vcf::get_app_info(app:'Adobe Lightroom Classic', win_local:TRUE);
constraints = [{'fixed_version':'10.1'}];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_NOTE
);
Related
prion
prion
Design/Logic Flaw
2020-12-11 03:15:00
adobe
adobe
APSB20-74 Security update available for Adobe Lightroom
2020-12-08 00:00:00
cve
cve
CVE-2020-24447
2020-12-11 03:15:00
threatpost
threatpost
Adobe Warns Windows, macOS Users of Critical-Severity Flaws
2020-12-08 16:36:45
Related for ADOBE_LIGHTROOM_CLASSIC_APSB20-74.NASL