Summary
The Computer Security Incident Response Team of the Government of Chile (CSIRT de Gobierno) shares new vulnerabilities reported by Adobe for some of its products.
This report includes the mitigation measures, which consist of installing the latest update for the affected products.
Vulnerabilities
CVE-2022-24093
CVE-2022-24101
CVE-2022-24103
CVE-2022-24104
CVE-2022-27785
CVE-2022-24102
CVE-2022-27783
CVE-2022-27784
CVE-2022-27786
CVE-2022-27787
CVE-2022-27788
CVE-2022-27789
CVE-2022-27790
CVE-2022-27791
CVE-2022-27792
CVE-2022-27793
CVE-2022-27794
CVE-2022-27795
CVE-2022-27796
CVE-2022-27797
CVE-2022-27798
CVE-2022-27799
CVE-2022-27800
CVE-2022-27801
CVE-2022-27802
CVE-2022-28230
CVE-2022-28231
CVE-2022-28232
CVE-2022-28233
CVE-2022-28234
CVE-2022-28235
CVE-2022-28236
CVE-2022-28237
CVE-2022-28238
CVE-2022-28239
CVE-2022-28240
CVE-2022-28241
CVE-2022-28242
CVE-2022-28243
CVE-2022-28244
CVE-2022-28245
CVE-2022-28246
CVE-2022-28247
CVE-2022-28248
CVE-2022-28249
CVE-2022-28250
CVE-2022-28251
CVE-2022-28252
CVE-2022-28253
CVE-2022-28254
CVE-2022-28255
CVE-2022-28256
CVE-2022-28257
CVE-2022-28258
CVE-2022-28259
CVE-2022-28260
CVE-2022-28261
CVE-2022-28262
CVE-2022-28263
CVE-2022-28264
CVE-2022-28265
CVE-2022-28266
CVE-2022-28267
CVE-2022-28268
CVE-2022-28269
CVE-2022-28270
CVE-2022-28271
CVE-2022-28272
CVE-2022-28273
CVE-2022-28274
CVE-2022-28275
CVE-2022-28276
CVE-2022-28277
CVE-2022-28278
CVE-2022-28279
CVE-2022-24105
CVE-2022-24098
CVE-2022-23205
Impact
Vulnerabilities rated as critical risk:
CVE-2022-24093: Arbitrary code execution vulnerability in Magento Open Source and Adobe Commerce, due to improper input validation.
CVE-2022-28270, CVE-2022-28272, CVE-2022-28273, CVE-2022-28274, CVE-2022-28275, CVE-2022-28276, CVE-2022-2827, CVE-2022-28278, CVE-2022-24105 and CVE-2022-23205: Remote code execution vulnerabilities affecting Photoshop, due to an out-of-bounds write error.
CVE-2022-28271 and CVE-2022-28279: Arbitrary code execution vulnerabilities in Photoshop, due to use-after-free errors.
CVE-2022-24098: Arbitrary code execution vulnerability in Photoshop, due to improper input validation.
CVE-2022-24103, CVE-2022-24104, CVE-2022-27785, CVE-2022-24102, CVE-2022-27786, CVE-2022-27789, CVE-2022-27790, CVE-2022-27799, CVE-2022-27800, CVE-2022-27801, CVE-2022-27802, CVE-2022-28230, CVE-2022-28232, CVE-2022-28233, CVE-2022-27795, CVE-2022-27796, CVE-2022-27797, CVE-2022-28235, CVE-2022-28237, CVE-2022-28238, CVE-2022-28240 and CVE-2022-28242: Arbitrary code execution vulnerabilities in Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017 and Acrobat Reader 2017, due to use-after-free errors.
CVE-2022-27787, CVE-2022-27788, CVE-2022-27792, CVE-2022-27793, CVE-2022-27798, CVE-2022-28231, CVE-2022-28236, CVE-2022-28239, CVE-2022-28241 and CVE-2022-28243: Arbitrary code execution vulnerabilities in Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017 and Acrobat Reader 2017, due to an out-of-bounds write error.
CVE-2022-27791 and CVE-2022-28234: Arbitrary code execution vulnerabilities in Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017 and Acrobat Reader 2017, due to a buffer overflow error (“basado en lotes” in the original).
CVE-2022-27794: Arbitrary code execution vulnerability in Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017 and Acrobat Reader 2017, due to an “Access of uninitialized pointer” error.
Affected products
Adobe Commerce 2.4.3-p1 and earlier, 2.3.7-p2 and earlier.
Magento Open Source 2.4.3-p1 and earlier, 2.3.7-p2 and earlier.
Acrobat DC 22.001.20085 and earlier.
Acrobat Reader DC 22.001.20085 and earlier.
Acrobat 2020 20.005.30314 and earlier (Windows).
Acrobat 2020 20.005.30311 and earlier (macOS).
Acrobat Reader 2020 20.005.30314 and earlier (Windows).
Acrobat Reader 2020 20.005.30311 and earlier (macOS).
Acrobat 2017 17.012.30205 and earlier.
Acrobat Reader 2017 17.012.30205 and earlier.
Photoshop 2021 version 22.5.6 and earlier.
Photoshop 2022 version 23.2.2 and earlier.
Adobe After Effects 22.2.1 and earlier, 18.4.5 and earlier.
Mitigation
Install the corresponding updates provided by the vendor.
Links
https://helpx.adobe.com/security/products/magento/apsb22-13.html
https://helpx.adobe.com/security/products/acrobat/apsb22-16.html
https://helpx.adobe.com/security/products/after_effects/apsb22-19.html
https://helpx.adobe.com/security/products/photoshop/apsb22-20.html
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA22-00619-01.