1. Home
  2. CVE Database
  3. CVE-2020-24429
HIGH · 7.7

CVE-2020-24429

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in lo...

Vulnerability Description

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Score

7.7

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AdobeAcrobat<= 20.001.30005
AdobeAcrobat Dc<= 17.011.30175
AdobeAcrobat Reader<= 20.001.30005
AdobeAcrobat Reader Dc<= 17.011.30175
AppleMacos-
MicrosoftWindows-

Related Weaknesses (CWE)

CWE-347

References

FAQ

What is CVE-2020-24429?

CVE-2020-24429 is a vulnerability with a CVSS score of 7.7 (HIGH). Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in lo...

How severe is CVE-2020-24429?

CVE-2020-24429 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-24429?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Adobe Acrobat Dc, Adobe Acrobat Reader, Adobe Acrobat Reader Dc, Apple Macos.