Detections
Analytics

Foxit Reader < 4.0 Privilege Escalation (macOS)

high Nessus Plugin ID 139329

Language:

Synopsis

A PDF viewer installed on the remote macOS host is affected by multiple vulnerabilities

Description

The version of Foxit Reader for Mac installed on the remote macOS host is prior to 4.0. It is, therefore, affected by a Signature Validation Bypass vulnerability that delivers incorrect validation results when validating certain PDF files that have been modified maliciously or contains non-standard signatures.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Foxit Reader for Mac version 4.0 or later

See Also

http://www.nessus.org/u?a27a3e57

Plugin Details

Severity: High

ID: 139329

File Name: macos_foxit_reader_4_0.nasl

Version: 1.2

Type: local

Agent: macosx

Published: 8/5/2020

Updated: 10/9/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-9592

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vulnerability Information

CPE: cpe:/a:foxitsoftware:foxit_reader

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Foxit Reader

Patch Publication Date: 5/6/2020

Vulnerability Publication Date: 5/6/2020

Reference Information

CVE: CVE-2020-9592, CVE-2020-9596