CVE-2021-40776

Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.

CVSS v3 6.1 MEDIUM
CVSS v2.0 6.6 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.2 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 2.7 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://helpx.adobe.com/security/products/lightroom/apsb21-97.html	Patch Vendor Advisory
https://helpx.adobe.com/security/products/lightroom/apsb21-97.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:lightroom:*:*:*:*:classic:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

21 Nov 2024, 06:24

Type	Values Removed	Values Added
References	~~() https://helpx.adobe.com/security/products/lightroom/apsb21-97.html - Patch, Vendor Advisory~~	() https://helpx.adobe.com/security/products/lightroom/apsb21-97.html - Patch, Vendor Advisory

Information

Published : 2022-06-15 19:15

Updated : 2024-11-21 06:24

NVD link : CVE-2021-40776

Mitre link : CVE-2021-40776

CVE.ORG link : CVE-2021-40776

JSON object : View

Products Affected

apple

macos

microsoft

windows

adobe

lightroom

CWE

CWE-379

Creation of Temporary File in Directory with Insecure Permissions

NVD-CWE-Other

{"id": "CVE-2021-40776", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 2.7, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.2}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.2}]}, "published": "2022-06-15T19:15:10.137", "references": [{"url": "https://helpx.adobe.com/security/products/lightroom/apsb21-97.html", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "https://helpx.adobe.com/security/products/lightroom/apsb21-97.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-379"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability."}, {"lang": "es", "value": "Adobe Lightroom Classic versiones 10.3 (y anteriores), est\u00e1n afectados por una vulnerabilidad de escalada de privilegios en el instalador de Lightroom Classic sin conexi\u00f3n. Un atacante autenticado podr\u00eda aprovechar esta vulnerabilidad para escalar privilegios. Es requerida la interacci\u00f3n del usuario antes de la instalaci\u00f3n del producto para abusar de esta vulnerabilidad"}], "lastModified": "2024-11-21T06:24:45.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:lightroom:*:*:*:*:classic:*:*:*", "vulnerable": true, "matchCriteriaId": "4B704015-AADC-41C2-AF74-8D2A29FF0537", "versionEndExcluding": "10.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@adobe.com"}