#VU30122 Permissions, Privileges, and Access Controls in Creative Cloud Desktop Application - CVE-2020-9671
Published: July 16, 2020
Vulnerability identifier: #VU30122
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-9671
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Creative Cloud Desktop Application
Creative Cloud Desktop Application
Software vendor:
Adobe
Adobe
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to insecure file permissions, which leads to security restrictions bypass and privilege escalation.
Remediation
Install updates from vendor's website.