CVE-2021-21068 - OpenCVE

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction.

Attack Vector Physical

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Physical

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Adobe	Creative Cloud Desktop Application
Apple	Macos
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:adobe:creative_cloud_desktop_application:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

References

Link	Resource
https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: adobe

Published: 2021-03-09T00:00:00

Updated: 2021-03-12T18:12:08

Reserved: 2020-12-18T00:00:00

Link: CVE-2021-21068

JSON object: View

NVD Information

Status : Modified

Published: 2021-03-12T19:15:13.723

Modified: 2023-11-07T03:29:26.013

Link: CVE-2021-21068

JSON object: View

Redhat Information

No data.

CWE

CWE-379

{"containers": {"cna": {"affected": [{"product": "Creative Cloud (desktop component)", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "5.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-379", "description": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-12T18:12:08", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Adobe Creative Cloud installer arbitrary file overwrite vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2021-03-09T23:00:00.000Z", "ID": "CVE-2021-21068", "STATE": "PUBLIC", "TITLE": "Adobe Creative Cloud installer arbitrary file overwrite vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Creative Cloud (desktop component)", "version": {"version_data": [{"version_affected": "<=", "version_value": "5.3"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction."}]}, "impact": {"cvss": {"attackComplexity": "Low", "attackVector": "Physical", "availabilityImpact": "High", "baseScore": 6.1, "baseSeverity": "High", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2021-21068", "datePublished": "2021-03-09T00:00:00", "dateReserved": "2020-12-18T00:00:00", "dateUpdated": "2021-03-12T18:12:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:creative_cloud_desktop_application:*:*:*:*:*:*:*:*", "matchCriteriaId": "065BB65B-7840-48D8-AB5C-0BCE3DC2303C", "versionEndIncluding": "5.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction."}, {"lang": "es", "value": "Adobe Creative Cloud Desktop Application versiones 5.3 (y anteriores), est\u00e1 afectada por una vulnerabilidad de manejo de archivos que podr\u00eda permitir a un atacante causar una sobrescritura de archivos arbitraria. Una explotaci\u00f3n de este problema requiere acceso f\u00edsico e interacci\u00f3n del usuario"}], "id": "CVE-2021-21068", "lastModified": "2023-11-07T03:29:26.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.2, "impactScore": 5.9, "source": "psirt@adobe.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-12T19:15:13.723", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-379"}], "source": "psirt@adobe.com", "type": "Primary"}]}