CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS
Percentile: 95.6%

The version of Adobe Photoshop CC installed on the remote macOS or Mac OS X host is equal to or prior to 19.1.8 (2018.1.8) or 20.0.5 (2019.0.5). It is, therefore, affected by the vulnerabilities referenced in the apsb19-15 advisory:

- A heap-overflow flaw exists that allows remote attackers to execute arbitrary commands via unspecified means. (CVE-2019-7978, CVE-2019-7980, CVE-2019-7985, CVE-2019-7990, CVE-2019-7993)
- A type-confusion flaw exists that allows remote attackers to execute arbitrary commands via unspecified means. (CVE-2019-7969, CVE-2019-7970, CVE-2019-7971, CVE-2019-7972, CVE-2019-7973, CVE-2019-7974, CVE-2019-7975)
- An out-of-bounds read flaw exists that allows remote attackers to execute arbitrary commands via unspecified means. (CVE-2019-7977, CVE-2019-7981, CVE-2019-7987, CVE-2019-7991, CVE-2019-7992, CVE-2019-7995, CVE-2019-7996, CVE-2019-7997, CVE-2019-7998, CVE-2019-7999, CVE-2019-8000, CVE-2019-8001)
- A command injection flaw exists that allows remote attackers to execute arbitrary commands via unspecified means. (CVE-2019-7968, CVE-2019-7989)
- An out-of-bounds write flaw exists that allows remote attackers to execute arbitrary commands via unspecified means. (CVE-2019-7976, CVE-2019-7979, CVE-2019-7982, CVE-2019-7983, CVE-2019-7984, CVE-2019-7986, CVE-2019-7988, CVE-2019-7994)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");

if (description)
{
  script_id(127898);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/20");

  script_cve_id(
    "CVE-2019-7968",
    "CVE-2019-7969",
    "CVE-2019-7970",
    "CVE-2019-7971",
    "CVE-2019-7972",
    "CVE-2019-7973",
    "CVE-2019-7974",
    "CVE-2019-7975",
    "CVE-2019-7976",
    "CVE-2019-7977",
    "CVE-2019-7978",
    "CVE-2019-7979",
    "CVE-2019-7980",
    "CVE-2019-7981",
    "CVE-2019-7982",
    "CVE-2019-7983",
    "CVE-2019-7984",
    "CVE-2019-7985",
    "CVE-2019-7986",
    "CVE-2019-7987",
    "CVE-2019-7988",
    "CVE-2019-7989",
    "CVE-2019-7990",
    "CVE-2019-7991",
    "CVE-2019-7992",
    "CVE-2019-7993",
    "CVE-2019-7994",
    "CVE-2019-7995",
    "CVE-2019-7996",
    "CVE-2019-7997",
    "CVE-2019-7998",
    "CVE-2019-7999",
    "CVE-2019-8000",
    "CVE-2019-8001"
  );

  script_name(english:"Adobe Photoshop CC 19.x <= 19.1.8 / 20.x <= 20.0.5 Vulnerability (APSB19-15)");
  script_summary(english:"Checks the version of Adobe Photoshop.");

  script_set_attribute(attribute:"synopsis", value:
"Adobe Photoshop installed on remote macOS or Mac OS X host is affected
by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Photoshop CC installed on the remote macOS or Mac
OS X host is equal or prior to 19.1.8 (2018.1.8), 20.0.5 (2019.0.5). It is,
therefore, affected by the vulnerabilities as referenced in the apsb19-15
advisory.
- An heap-overflow flaw exists that allows remote attackers
to execute arbitrary commands via unspecified means.
(CVE-2019-7978, CVE-2019-7980, CVE-2019-7985,
CVE-2019-7990, CVE-2019-7993)
- A type-confusion flaw exists that allows remote attackers
to execute arbitrary commands via unspecified means.
(CVE-2019-7969, CVE-2019-7970, CVE-2019-7971,
CVE-2019-7972, CVE-2019-7973, CVE-2019-7974,
CVE-2019-7975)
- An out-of-bounds read flaw exists that allows remote attackers
to execute arbitrary commands via unspecified means.
(CVE-2019-7977, CVE-2019-7981, CVE-2019-7987,
CVE-2019-7991, CVE-2019-7992, CVE-2019-7995,
CVE-2019-7996, CVE-2019-7997, CVE-2019-7998,
CVE-2019-7999, CVE-2019-8000, CVE-2019-8001)
- A command injection flaw exists that allows remote attackers
to execute arbitrary commands via unspecified means.
(CVE-2019-7968, CVE-2019-7989)
- An out-of-bounds write flaw exists that allows remote attackers
to execute arbitrary commands via unspecified means.
(CVE-2019-7976, CVE-2019-7979, CVE-2019-7982,
CVE-2019-7983, CVE-2019-7984, CVE-2019-7986,
CVE-2019-7988, CVE-2019-7994)
Note that Nessus has not tested for these issues but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/photoshop/apsb19-44.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Photoshop CC version 19.1.9 (2018.1.9), 20.0.6
(2019.0.6) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8001");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:photoshop_cc");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_adobe_photoshop_installed.nasl");
  script_require_keys("Host/MacOSX/Version", "installed_sw/Adobe Photoshop");

  exit(0);
}

include("vcf.inc");

# Exit unless the host was identified as macOS / Mac OS X.
get_kb_item_or_exit("Host/MacOSX/Version");

app_info = vcf::get_app_info(app:"Adobe Photoshop");
# Only the CC editions are in scope for this check.
if ("CC" >!< app_info.name) vcf::vcf_exit(0, "Only Adobe Photoshop CC is affected.");

# Audit out if the detected version is not granular enough to compare.
vcf::check_granularity(app_info:app_info, sig_segments:2);

constraints = [
  { "min_version" : "19", "max_version" : "19.1.8", "fixed_version" : "19.1.9" },
  { "min_version" : "20", "max_version" : "20.0.5", "fixed_version" : "20.0.6" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);