7.8

CVE-2020-24429

Acrobat Reader DC for macOS Signature Verification Bypass Could Lead to Privilege Escalation

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat SwEditionclassic Version <= 20.001.30005
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat Dc SwEditionclassic Version <= 17.011.30175
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat Dc SwEditioncontinuous Version <= 20.012.20048
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat Reader SwEditionclassic Version <= 20.001.30005
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat Reader Dc SwEditionclassic Version <= 17.011.30175
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat Reader Dc SwEditioncontinuous Version <= 20.012.20048
   ApplemacOS Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.379
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
psirt@adobe.com 7.7 1 6
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.