CVE-2021-43019
📊 7.8 HIGH⚡ 0.7%🎯 0 exploits
📅 Published Nov 23, 2021
📋 Status: Modified
Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM . An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability.
CVSS v3.1 • NVD
🎯 Affected Products & Systems
2 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | adobe | creative cloud desktop application | ≤ 5.5 | Vulnerable | cpe:2.3:a:adobe:creative_cloud_desktop_application:*:*:*:*:*:*:*:* |
💻OS | apple | macos | All versions | Not Vulnerable | cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: ≤ 5.5
CPE:
cpe:2.3:a:adobe:creative_cloud_desktop_application:*:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector:
LOCAL
Complexity:
LOW
Privileges:
NONE
User Interaction:
REQUIRED
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
ModifiedCVSS Details
7.8 (HIGH)v3.1
Source: [email protected]
EPSS Details
0.7% (Minimal)70.5th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Nov 23, 2021 (3 years ago)
Last Modified
Nov 21, 2024 (11 months ago)
Security Weaknesses2
CWE-732
References2
NVDpatch