CVE-2021-28568

Description

Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user.

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AttackVector

LOCAL

AttackComplexity

LOW

PrivilegesRequired

HIGH

UserInteraction

REQUIRED

Scope

UNCHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

HIGH

AvailabilityImpact

HIGH

BaseScore

6.5

BaseSeverity

MEDIUM

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

6.9

VectorString

AV:L/AC:M/Au:N/C:C/I:C/A:C

Version

2.0

AccessVector

LOCAL

Authentication

NONE