CVE-2022-34235

Adobe Premiere Elements version 2020v20 (and earlier) is affected by an Uncontrolled Search Path Element which could lead to Privilege Escalation. An attacker could leverage this vulnerability to obtain admin using an existing low-privileged user. Exploitation of this issue does not require user interaction.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:premiere_elements:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

13 Aug 2022, 02:08

Type	Values Removed	Values Added
References	~~(MISC) https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html -~~	(MISC) https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html - Patch, Vendor Advisory
First Time		Adobe Apple macos Microsoft Microsoft windows Apple Adobe premiere Elements
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:a:adobe:premiere_elements::::::::

11 Aug 2022, 15:29

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-11 15:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-34235

Mitre link : CVE-2022-34235

CVE.ORG link : CVE-2022-34235

JSON object : View

Products Affected

microsoft

windows

apple

macos

adobe

premiere_elements

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2022-34235", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-08-11T15:15:12.413", "references": [{"url": "https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "Adobe Premiere Elements version 2020v20 (and earlier) is affected by an Uncontrolled Search Path Element which could lead to Privilege Escalation. An attacker could leverage this vulnerability to obtain admin using an existing low-privileged user. Exploitation of this issue does not require user interaction."}, {"lang": "es", "value": "Adobe Premiere Elements versiones 2020v20 (y anteriores) est\u00e1 afectada por un elemento de ruta de b\u00fasqueda no controlada que podr\u00eda conllevar a una elevaci\u00f3n de privilegios. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener la administraci\u00f3n usando un usuario poco privilegiado. No es requerida una interacci\u00f3n del usuario para la explotaci\u00f3n de este problema"}], "lastModified": "2022-08-13T02:08:34.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:premiere_elements:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "173C13EA-0817-417D-BE79-BC63C903D9C8", "versionEndIncluding": "2020.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@adobe.com"}