CVE-2021-40776

CWE-379CWE-269Improper Privilege Management3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.3%
top 51.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe LightroomAdobe Lightroom Classic
Timeline
PublishedJun 15
Latest updateJun 16

Description

Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/lightroom_classicunspecified10.3+1
NVDadobe/lightroom< 10.4

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-94qm-cpmj-pvcv: Adobe Lightroom Classic 102022-06-16
CVEList
Adobe Lightroom Classic DLL Hijacking Local Privilege Escalation Vulnerability2022-06-15
CVE-2021-40776 (MEDIUM CVSS 6.1) | Adobe Lightroom Classic 10.3 (and e | cvebase.io