Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_ADOBE_BRIDGE_APSB20-19.NASL
HistoryMar 10, 2021 - 12:00 a.m.

Adobe Bridge 10.x < 10.0.4 Multiple Vulnerabilities (APSB20-19)

2021-03-1000:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 10.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb20-19 advisory.

  • Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. (CVE-2020-9553, CVE-2020-9557, CVE-2020-9558)

  • Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . (CVE-2020-9554, CVE-2020-9556, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569)

  • Adobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability.
    Successful exploitation could lead to arbitrary code execution. (CVE-2020-9555)

  • Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2020-9562, CVE-2020-9563)

  • Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . (CVE-2020-9566, CVE-2020-9567)

  • Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . (CVE-2020-9568)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(147417);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/11");

  script_cve_id(
    "CVE-2020-9553",
    "CVE-2020-9554",
    "CVE-2020-9555",
    "CVE-2020-9556",
    "CVE-2020-9557",
    "CVE-2020-9558",
    "CVE-2020-9559",
    "CVE-2020-9560",
    "CVE-2020-9561",
    "CVE-2020-9562",
    "CVE-2020-9563",
    "CVE-2020-9564",
    "CVE-2020-9565",
    "CVE-2020-9566",
    "CVE-2020-9567",
    "CVE-2020-9568",
    "CVE-2020-9569"
  );

  script_name(english:"Adobe Bridge 10.x < 10.0.4 Multiple Vulnerabilities (APSB20-19)");

  script_set_attribute(attribute:"synopsis", value:
"Adobe Bridge installed on remote macOS or Mac OS X host is affected by a multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 10.0.4. It is, therefore,
affected by multiple vulnerabilities as referenced in the apsb20-19 advisory.

  - Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful
    exploitation could lead to information disclosure. (CVE-2020-9553, CVE-2020-9557, CVE-2020-9558)

  - Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful
    exploitation could lead to arbitrary code execution . (CVE-2020-9554, CVE-2020-9556, CVE-2020-9559,
    CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569)

  - Adobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability.
    Successful exploitation could lead to arbitrary code execution. (CVE-2020-9555)

  - Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful
    exploitation could lead to arbitrary code execution. (CVE-2020-9562, CVE-2020-9563)

  - Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful
    exploitation could lead to arbitrary code execution . (CVE-2020-9566, CVE-2020-9567)

  - Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful
    exploitation could lead to arbitrary code execution . (CVE-2020-9568)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/bridge/apsb20-19.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Bridge version 10.0.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-9569");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:bridge");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_adobe_bridge_installed.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Bridge");

  exit(0);
}

include('vcf.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

get_kb_item_or_exit('Host/MacOSX/Version');

app_info = vcf::get_app_info(app:'Adobe Bridge');

constraints = [
  { 'min_version' : '10.0.0', 'max_version' : '10.0.1', 'fixed_version' : '10.0.4' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
adobebridgecpe:/a:adobe:bridge

References

Related

adobe 1
openvas 2
nessus 1
threatpost 1
prion 17
zdi 17
cve 17
adobe
adobe
APSB20-19 Security update available for Adobe Bridge
2020-04-28 00:00:00
openvas
openvas
Adobe Bridge Security Updates (apsb20-19)-Windows
2020-04-29 00:00:00
Adobe Bridge Security Updates (apsb20-19)-Mac OS X
2020-04-29 00:00:00
nessus
nessus
Adobe Bridge 10.x < 10.0.4 Multiple Vulnerabilities (APSB20-19)
2021-03-10 00:00:00
threatpost
threatpost
Critical Adobe Illustrator, Bridge and Magento Flaws Patched
2020-04-28 20:20:16
prion
prion
Out-of-bounds
2020-06-26 21:15:00
Out-of-bounds
2020-06-26 21:15:00
Design/Logic Flaw
2020-06-26 21:15:00
zdi
zdi
Adobe Bridge PostScript CharString Directory Heap-based Buffer Overflow Remote Code Execution Vulnerability
2020-04-28 00:00:00
Adobe Bridge PostScript hsbw Command Out-Of-Bounds Write Remote Code Execution Vulnerability
2020-04-28 00:00:00
Adobe Bridge TTF File Parsing Use-After-Free Information Disclosure Vulnerability
2020-04-28 00:00:00
cve
cve
CVE-2020-9564
2020-06-26 21:15:00
CVE-2020-9569
2020-06-26 21:15:00
CVE-2020-9562
2020-06-26 21:15:00
JSON
Related for MACOS_ADOBE_BRIDGE_APSB20-19.NASL
adobe1openvas2nessus1threatpost1prion17zdi17cve17