CVE-2021-39826

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file.

CVSS v3 8.6 HIGH
CVSS v2.0 9.3 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html	Patch Vendor Advisory
https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:20

Type	Values Removed	Values Added
References	~~() https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html - Patch, Vendor Advisory~~	() https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html - Patch, Vendor Advisory

Information

Published : 2021-09-27 16:15

Updated : 2024-11-21 06:20

NVD link : CVE-2021-39826

Mitre link : CVE-2021-39826

CVE.ORG link : CVE-2021-39826

JSON object : View

Products Affected

adobe

digital_editions

apple

macos

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2021-39826", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}]}, "published": "2021-09-27T16:15:10.130", "references": [{"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file."}, {"lang": "es", "value": "Adobe Digital Editions versiones 4.5.11.187646 (y anteriores), est\u00e1n afectadas por una vulnerabilidad de ejecuci\u00f3n de comandos arbitrarios. Un atacante autenticado podr\u00eda aprovechar esta vulnerabilidad para ejecutar comandos arbitrarios. Es requerida una interacci\u00f3n del usuario para abusar de esta vulnerabilidad, ya que el usuario que debe abrir un archivo .epub dise\u00f1ado de forma maliciosa"}], "lastModified": "2024-11-21T06:20:19.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1272DDA4-6B2D-449C-9BC7-76007414C82C", "versionEndIncluding": "4.5.11.187646"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@adobe.com"}