CVE-2020-9667 : Vulnerability Insights and Analysis
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. Learn about the impact, affected systems, exploitation mechanism, and mitigation steps.
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An attacker with admin privileges could plant custom binaries and execute them with System permissions.
Understanding CVE-2020-9667
What is CVE-2020-9667?
CVE-2020-9667 is an Uncontrolled Search Path Element vulnerability affecting Adobe Genuine Service version 6.6 and earlier. It allows an authenticated attacker with admin privileges to execute custom binaries with System permissions.
The Impact of CVE-2020-9667
This vulnerability has a CVSS base score of 6.5, with high impacts on confidentiality, integrity, and availability. Exploitation requires user interaction and high privileges.
Technical Details of CVE-2020-9667
Vulnerability Description
- Type: Uncontrolled Search Path Element (CWE-427)
- Discovery Date: July 14, 2020
- Vendor: Adobe
Affected Systems and Versions
- Product: GoCart
- Vendor: Adobe
- Versions Affected: <= 6.6
Exploitation Mechanism
- Attack Complexity: Low
- Attack Vector: Local
- Privileges Required: High
- User Interaction: Required
Mitigation and Prevention
Immediate Steps to Take
- Update Adobe Genuine Service to a patched version
- Monitor for any suspicious activities on the system
Long-Term Security Practices
- Implement the principle of least privilege for user accounts
- Regularly review and update security configurations
Patching and Updates
- Apply security patches provided by Adobe