CVE-2020-9688 - Vulnerability Details

Vendors	Products
Adobe	Download Manager
Microsoft	Windows

Link	Providers
https://helpx.adobe.com/security/products/adm/apsb20-49.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Adobe Download Manager", "vendor": "Adobe", "versions": [{"status": "affected", "version": "version 2.0.0.518"}]}], "descriptions": [{"lang": "en", "value": "Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Command Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-17T00:01:33", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9688", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Adobe Download Manager", "version": {"version_data": [{"version_value": "version 2.0.0.518"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/security/products/adm/apsb20-49.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:34:39.920Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2020-9688", "datePublished": "2020-07-17T00:01:33", "dateReserved": "2020-03-02T00:00:00", "dateUpdated": "2024-08-04T10:34:39.920Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Adobe Download Manager (string)

vendor : Adobe (string)

versions : [ »

0 : { »

status : affected (string)

version : version 2.0.0.518 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Command Injection (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-07-17T00:01:33 (string)

orgId : 078d4453-3bcd-4900-85e6-15281da43538 (string)

shortName : adobe (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://helpx.adobe.com/security/products/adm/apsb20-49.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@adobe.com (string)

ID : CVE-2020-9688 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Adobe Download Manager (string)

version : { »

version_data : [ »

0 : { »

version_value : version 2.0.0.518 (string)

}

]

}

]

}

vendor_name : Adobe (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Command Injection (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://helpx.adobe.com/security/products/adm/apsb20-49.html (string)

refsource : CONFIRM (string)

url : https://helpx.adobe.com/security/products/adm/apsb20-49.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T10:34:39.920Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://helpx.adobe.com/security/products/adm/apsb20-49.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 078d4453-3bcd-4900-85e6-15281da43538 (string)

assignerShortName : adobe (string)

cveId : CVE-2020-9688 (string)

datePublished : 2020-07-17T00:01:33 (string)

dateReserved : 2020-03-02T00:00:00 (string)

dateUpdated : 2024-08-04T10:34:39.920Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:download_manager:2.0.0.518:*:*:*:*:*:*:*", "matchCriteriaId": "0A1D8FF8-E763-4A45-AC1A-CF4E2323D125", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."}, {"lang": "es", "value": "Adobe Download Manager versi\u00f3n 2.0.0.518, presenta una vulnerabilidad de inyecci\u00f3n de comandos. Una explotaci\u00f3n con \u00e9xito podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"}], "id": "CVE-2020-9688", "lastModified": "2024-11-21T05:41:06.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-17T00:15:12.133", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:adobe:download_manager:2.0.0.518:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A1D8FF8-E763-4A45-AC1A-CF4E2323D125 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A2572D17-1DE6-457B-99CC-64AFD54487EA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. (string)

}

1 : { »

lang : es (string)

value : Adobe Download Manager versión 2.0.0.518, presenta una vulnerabilidad de inyección de comandos. Una explotación con éxito podría conllevar a una ejecución de código arbitraria (string)

}

]

id : CVE-2020-9688 (string)

lastModified : 2024-11-21T05:41:06.187 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-07-17T00:15:12.133 (string)

references : [ »

0 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://helpx.adobe.com/security/products/adm/apsb20-49.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://helpx.adobe.com/security/products/adm/apsb20-49.html (string)

}

]

sourceIdentifier : psirt@adobe.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-77 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object