CVE-2021-44714
Published: 14 January 2022
Summary
CVE-2021-44714 is a low-severity Violation of Secure Design Principles (CWE-657) vulnerability in Adobe Acrobat Dc. Its CVSS base score is 2.5 (Low).
Operationally, ranked in the top 39.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-31530
Vulnerability details
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a…
more
user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Establishing and updating awareness policy promotes adherence to secure design principles through ongoing training, preventing related violations.
Mandating the policy be consistent with laws, standards, and guidelines enforces secure design principles in security governance and oversight.
Deficiencies violating secure design principles are tracked and corrected through planned actions, limiting attacker opportunities from design flaws.
Documenting, disseminating, and periodically reviewing maintenance policies and procedures enforces core secure design principles for system maintenance activities.
Documented policy with defined scope, roles, responsibilities, and periodic review directly enforces secure design principles and management commitment.
Baseline selection enforces adherence to established secure-design principles rather than ad-hoc or insufficient control choices.
Requires risk determinations for architecture/design decisions, tailoring rationale, and alignment with enterprise architecture to avoid violations of secure design principles.
Regular SSP updates force review of whether the system's evolving design continues to follow documented secure design principles after changes.