9VSA22-00658-01 CSIRT alerta de nuevas vulnerabilidades en productos Adobe
El CSIRT de Gobierno comparte información compartida por Adobe sobre nuevas vulnerabilidades que afectan a algunos de sus productos.
Resumen
El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT de Gobierno, comparte información compartida por Adobe sobre nuevas vulnerabilidades que afectan a algunos de sus productos.
Vulnerabilidades
CVE-2022-30664
CVE-2022-28839
CVE-2022-28840
CVE-2022-28841
CVE-2022-28842
CVE-2022-28843
CVE-2022-28844
CVE-2022-28845
CVE-2022-28846
CVE-2022-28847
CVE-2022-28848
CVE-2022-28849
CVE-2022-30650
CVE-2022-30651
CVE-2022-30658
CVE-2022-30659
CVE-2022-30661
CVE-2022-30662
CVE-2022-30663
CVE-2022-30665
CVE-2022-30660
CVE-2022-30652
CVE-2022-30653
CVE-2022-30654
CVE-2022-30655
CVE-2022-30656
CVE-2022-30657
CVE-2022-28850
CVE-2022-30637
CVE-2022-30638
CVE-2022-30639
CVE-2022-30640
CVE-2022-30641
CVE-2022-30642
CVE-2022-30643
CVE-2022-30644
CVE-2022-30645
CVE-2022-30646
CVE-2022-30647
CVE-2022-30648
CVE-2022-30649
CVE-2022-30666
CVE-2022-30667
CVE-2022-30668
CVE-2022-30669
CVE-2022-30670
Impacto
Vulnerabilidades de riesgo crítico:
CVE-2022-30664: Vulnerabilidad de ejecución arbitraria de código en Adobe Animate.
CVE-2022-28839 y de CVE-2022-28841 a CVE-2022-28849: Vulnerabilidades de ejecución arbitraria de código en Adobe Bridge.
CVE-2022-28840: Vulnerabilidad de escritura arbitraria en el sistema de archivos en Adobe Bridge.
CVE-2022-30637 a CVE-2022-30649: Vulnerabilidades de ejecución arbitraria de código en Adobe Illustrator.
CVE-2022-30650 a CVE-2022-30663 y CVE-2022-30665: Vulnerabilidades de ejecución arbitraria de código en Adobe InCopy.
Productos afectados
Adobe Animate 22.0.5 y anteriores.
Adobe Bridge 12.0.1 y anteriores.
Adobe Illustrator 2022 26.0.2 y anteriores.
Adobe Illustrator 2021 25.4.5 y anteriores.
Adobe InCopy 17.2 y anteriores.
RoboHelp Server 11
Mitigación
Instalar las respectivas actualizaciones entregadas por el proveedor.
Enlaces
https://helpx.adobe.com/security/products/animate/apsb22-24.html
https://helpx.adobe.com/security/products/bridge/apsb22-25.html
https://helpx.adobe.com/security/products/illustrator/apsb22-26.html
https://helpx.adobe.com/security/products/incopy/apsb22-29.html
https://helpx.adobe.com/security/products/indesign/apsb22-30.html
https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30670
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA22-00658-01.