Vulnerability Description
Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM . An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Creative Cloud Desktop Application | <= 5.5 |
| Apple | Macos | - |
Related Weaknesses (CWE)
References
- https://helpx.adobe.com/security/products/creative-cloud/apsb21-111.htmlPatchVendor Advisory
- https://helpx.adobe.com/security/products/creative-cloud/apsb21-111.htmlPatchVendor Advisory
FAQ
What is CVE-2021-43019?
CVE-2021-43019 is a vulnerability with a CVSS score of 7.8 (HIGH). Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this...
How severe is CVE-2021-43019?
CVE-2021-43019 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-43019?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Creative Cloud Desktop Application, Apple Macos.