7.8

CVE-2020-24429

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat SwEditionclassic Version <= 20.001.30005
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat Dc SwEditionclassic Version <= 17.011.30175
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat Dc SwEditioncontinuous Version <= 20.012.20048
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat Reader SwEditionclassic Version <= 20.001.30005
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat Reader Dc SwEditionclassic Version <= 17.011.30175
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat Reader Dc SwEditioncontinuous Version <= 20.012.20048
   ApplemacOS Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.28
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
psirt@adobe.com 7.7 1 6
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.