CVE-2021-40776 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2021-40776

Analyzed

More Info Official Page

Source-psirt@adobe.com

Published At-15 Jun, 2022 | 19:15

Updated At-07 Nov, 2022 | 18:17

Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Secondary	3.1	6.1	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	6.6	MEDIUM	AV:L/AC:M/Au:S/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 6.6

Base severity: MEDIUM

Vector:

AV:L/AC:M/Au:S/C:C/I:C/A:C

CPE Matches

>>lightroom>>Versions before 10.4(exclusive)

cpe:2.3:a:adobe:lightroom:*:*:*:*:classic:*:*:*

>>macos>>-

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov
CWE-379	Secondary	psirt@adobe.com

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-379

Type: Secondary

Source: psirt@adobe.com

References

Hyperlink	Source	Resource
https://helpx.adobe.com/security/products/lightroom/apsb21-97.html	psirt@adobe.com	Patch Vendor Advisory

Hyperlink: https://helpx.adobe.com/security/products/lightroom/apsb21-97.html

Source: psirt@adobe.com

Resource:

Patch

Vendor Advisory