Id:
CVE-2021-40776
Comment
:
Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.
CVSSv2 Score:
6.6
Access vector:
|
LOCAL
|
Access complexity:
|
MEDIUM
|
Authentication:
|
SINGLE
|
Confidentiality impact:
|
COMPLETE
|
Integrity impact:
|
COMPLETE
|
Availability impact:
|
COMPLETE
|
CVSSv2 Vector:
AV:L/AC:M/Au:S/C:C/I:C/A:C
CVSSv3 Score:
6.1
Attack vector:
|
PHYSICAL
|
Attack complexity:
|
LOW
|
Privileges required:
|
HIGH
|
User interaction:
|
REQUIRED
|
Scope:
|
UNCHANGED
|
Confidentiality impact:
|
HIGH
|
Integrity impact:
|
HIGH
|
Availability impact:
|
HIGH
|
CVSSv3 Vector:
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
References: