CVE Vulnerabilities

CVE-2020-24429

Improper Verification of Cryptographic Signature

Published: Nov 05, 2020 | Modified: Sep 08, 2021
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name Vendor Start Version End Version
Acrobat Adobe * 20.001.30005 (including)
Acrobat_dc Adobe * 17.011.30175 (including)
Acrobat_dc Adobe * 20.012.20048 (including)
Acrobat_reader Adobe * 20.001.30005 (including)
Acrobat_reader_dc Adobe * 17.011.30175 (including)
Acrobat_reader_dc Adobe * 20.012.20048 (including)

References