CVE-2023-21611 : Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earl

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published 2023-01-18 19:15:12

Updated 2023-01-26 18:19:12

Source Adobe Systems Incorporated

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2023-21611

Adobe » Acrobat Reader » Classic Edition
Versions from including (>=) 20.001.30005 and up to, including, (<=) 20.005.30418
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat » Classic Edition
Versions from including (>=) 20.001.30005 and up to, including, (<=) 20.005.30418
cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and up to, including, (<=) 22.003.20282
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and up to, including, (<=) 22.003.20281
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
Adobe » Acrobat Reader Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and up to, including, (<=) 22.003.20281
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
Adobe » Acrobat Reader Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and up to, including, (<=) 22.003.20282
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-21611

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 23 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-21611

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	Adobe Systems Incorporated
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-21611

CWE-379 Creation of Temporary File in Directory with Insecure Permissions

The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

Assigned by: psirt@adobe.com (Secondary)
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-21611

https://helpx.adobe.com/security/products/acrobat/apsb23-01.html

Adobe Security Bulletin
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-21611

Products affected by CVE-2023-21611

Exploit prediction scoring system (EPSS) score for CVE-2023-21611

CVSS scores for CVE-2023-21611

CWE ids for CVE-2023-21611

References for CVE-2023-21611