CVE-2021-43017

Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of service by planting a malicious file on the victim's local machine. User interaction is required before product installation to abuse this vulnerability.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:adobe:creative_cloud_desktop_application:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

History

02 Feb 2022, 13:05

Type Values Removed Values Added
CVSS v2 : 3.5
v3 : 5.7
v2 : 3.5
v3 : 4.2

28 Jan 2022, 22:15

Type Values Removed Values Added
CWE NVD-CWE-Other
Summary Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker could leverage this vulnerability to achieve denial of service in the context of the user. User interaction is required before product installation to abuse this vulnerability. Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of service by planting a malicious file on the victim's local machine. User interaction is required before product installation to abuse this vulnerability.

23 Nov 2021, 01:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.2
v2 : 3.5
v3 : 5.7
CPE cpe:2.3:a:adobe:creative_cloud_desktop_application:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
References (MISC) https://helpx.adobe.com/security/products/creative-cloud/apsb21-111.html - (MISC) https://helpx.adobe.com/security/products/creative-cloud/apsb21-111.html - Patch, Vendor Advisory
CWE NVD-CWE-Other

19 Nov 2021, 18:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.0
v2 : unknown
v3 : 4.2

18 Nov 2021, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-18 19:15

Updated : 2022-02-02 13:05


NVD link : CVE-2021-43017

Mitre link : CVE-2021-43017


JSON object : View

Products Affected

apple

  • macos

adobe

  • creative_cloud_desktop_application
CWE
CWE-379

Creation of Temporary File in Directory with Insecure Permissions