CVE-2021-43019

Summary

Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM . An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability.

Affected Software

VendorProductVersion RangeStatus
AdobeCreative Cloud (desktop component)unspecified <= 5.5affected
AdobeCreative Cloud (desktop component)unspecified <= Noneaffected

Weaknesses

  • CWE-732: Incorrect Permission Assignment for Critical Resource (CWE-732)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References