Detections
Analytics
Adobe Character Animator < 4.4 Multiple Vulnerabilities (APSB21-59)
high Nessus Plugin ID 151977
Language:
Synopsis
The version of Adobe Character Animator installed on the remote Windows host is missing a vendor-supplied patch.Description
The version of Adobe Character Animator installed on the remote Windows host is prior to 4.4. It is, therefore, affected by multiple vulnerabilities including the following:- An arbitrary code execution vulnerability exists in Adobe Character Animator. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2021-36000)
- A privilege escalation vulnerability exists in Adobe Character Animator due to an out-of-bounds read. An unauthenticated, local attacker can exploit this to gain privileged access to the system. (CVE-2021-36001)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Adobe Character Animator version 4.4 or later.See Also
Plugin Details
Severity: High
ID: 151977
File Name: adobe_character_animator_apsb21-59.nasl
Version: 1.5
Type: local
Agent: windows
Family: Windows
Published: 7/22/2021
Updated: 1/26/2022
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2021-36000
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:adobe:character_animator
Required KB Items: SMB/Registry/Enumerated, installed_sw/Adobe Character Animator
Exploit Ease: No known exploits are available
Patch Publication Date: 7/20/2021
Vulnerability Publication Date: 7/20/2021
Reference Information
CVE: CVE-2021-36000, CVE-2021-36001
IAVA: 2021-A-0344-S