This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_ADOBE_AUDITION_APSB21-121.NASLAdobe Audition < 14.4.3 / 22.x < 22.1.1 Multiple Privilege Escalation Vulnerabilities (APSB21-121) (macOS)
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
54.4%
According to its self-reported version number, the Adobe Audition install on the remote host is prior to 14.4.3 or 22.x prior to 22.1.1. It is, therefore, affected by multiple privilege escalation vulnerabilities due to out of bounds reads. An unauthenticated, local attacker could exploit these to escalate their privileges on an affected host.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(181596);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/16");
script_cve_id("CVE-2021-44697", "CVE-2021-44698", "CVE-2021-44699");
script_xref(name:"IAVA", value:"2021-A-0587-S");
script_name(english:"Adobe Audition < 14.4.3 / 22.x < 22.1.1 Multiple Privilege Escalation Vulnerabilities (APSB21-121) (macOS)");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is affected by multiple privilege escalation vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Adobe Audition install on the remote host is prior to
14.4.3 or 22.x prior to 22.1.1. It is, therefore, affected by multiple privilege escalation vulnerabilities due to out
of bounds reads. An unauthenticated, local attacker could exploit these to escalate their privileges on an affected
host.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://helpx.adobe.com/security/products/audition/apsb21-121.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?35b21458");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Audition version 14.4.3, 22.1.1, or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-44699");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/12/14");
script_set_attribute(attribute:"patch_publication_date", value:"2021/12/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:audition");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("audition_mac_installed.nbin");
script_require_keys("installed_sw/Adobe Audition", "Host/MacOSX/Version", "Host/local_checks_enabled");
exit(0);
}
include('vcf.inc');
if (!get_kb_item('Host/local_checks_enabled'))
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/MacOSX/Version'))
audit(AUDIT_OS_NOT, 'macOS');
var app_info = vcf::get_app_info(app:'Adobe Audition');
var constraints = [
{'fixed_version': '14.4.1', 'fixed_display': '14.4.3'},
{'min_version': '22.0', 'fixed_version': '22.1', 'fixed_display': '22.1.1'}
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
54.4%