Cyber Resilience

CVE-2023-29320

High

Published: 10 August 2023

Published
10 August 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0012 30.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-29320 is a high-severity Violation of Secure Design Principles (CWE-657) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 30.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting…

more

feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

adobe
acrobat dc
15.008.20082 — 23.003.20269
adobe
acrobat reader dc
15.008.20082 — 23.003.20269
adobe
acrobat
20.001.30005 — 20.005.30516.10516 · 20.001.30005 — 20.005.30514.10514
adobe
acrobat reader
20.001.30005 — 20.005.30516.10516 · 20.001.30005 — 20.005.30514.10514

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-657

Establishing and updating awareness policy promotes adherence to secure design principles through ongoing training, preventing related violations.

addresses: CWE-657

Mandating the policy be consistent with laws, standards, and guidelines enforces secure design principles in security governance and oversight.

addresses: CWE-657

Deficiencies violating secure design principles are tracked and corrected through planned actions, limiting attacker opportunities from design flaws.

addresses: CWE-657

Documenting, disseminating, and periodically reviewing maintenance policies and procedures enforces core secure design principles for system maintenance activities.

addresses: CWE-657

Documented policy with defined scope, roles, responsibilities, and periodic review directly enforces secure design principles and management commitment.

addresses: CWE-657

Baseline selection enforces adherence to established secure-design principles rather than ad-hoc or insufficient control choices.

addresses: CWE-657

Requires risk determinations for architecture/design decisions, tailoring rationale, and alignment with enterprise architecture to avoid violations of secure design principles.

addresses: CWE-657

Regular SSP updates force review of whether the system's evolving design continues to follow documented secure design principles after changes.

References