Detections
Analytics

Adobe Bridge 11.x < 11.1.1 Multiple Vulnerabilities (APSB21-69)

high Nessus Plugin ID 152630

Language:

Synopsis

Adobe Bridge installed on remote Windows host is affected by a multiple vulnerabilities

Description

The version of Adobe Bridge installed on the remote Windows host is prior to 11.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-69 advisory.

 - Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2021-36072)

 - Access of Memory Location After End of Buffer (CWE-788) potentially leading to Arbitrary code execution (CVE-2021-36049, CVE-2021-36059, CVE-2021-36067, CVE-2021-36068, CVE-2021-36069, CVE-2021-36076, CVE-2021-36078)

 - Heap-based Buffer Overflow (CWE-122) potentially leading to Arbitrary code execution (CVE-2021-36073)

 - Out-of-bounds Read (CWE-125) potentially leading to Arbitrary code execution (CVE-2021-36079)

 - Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2021-36074)

 - Buffer Overflow (CWE-120) potentially leading to Arbitrary code execution (CVE-2021-36075)

 - Access of Memory Location After End of Buffer (CWE-788) potentially leading to Application denial-of- service (CVE-2021-36077)

 - Out-of-bounds Read (CWE-125) potentially leading to Arbitrary file system read (CVE-2021-36071)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Adobe Bridge version 11.1.1 or later.

See Also

https://cwe.mitre.org/data/definitions/120.html

https://cwe.mitre.org/data/definitions/122.html

https://cwe.mitre.org/data/definitions/125.html

https://cwe.mitre.org/data/definitions/787.html

https://cwe.mitre.org/data/definitions/788.html

https://helpx.adobe.com/security/products/bridge/apsb21-69.html

Plugin Details

Severity: High

ID: 152630

File Name: adobe_bridge_apsb21-69.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 8/17/2021

Updated: 12/4/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-39817

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:bridge

Required KB Items: installed_sw/Adobe Bridge, SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 8/17/2021

Vulnerability Publication Date: 8/17/2021

Reference Information

CVE: CVE-2021-36049, CVE-2021-36059, CVE-2021-36067, CVE-2021-36068, CVE-2021-36069, CVE-2021-36071, CVE-2021-36072, CVE-2021-36073, CVE-2021-36074, CVE-2021-36075, CVE-2021-36076, CVE-2021-36077, CVE-2021-36078, CVE-2021-36079, CVE-2021-39816, CVE-2021-39817

CWE: 120, 122, 125, 787, 788