PatchSiren cyber security CVE debrief
CVE-2023-4665 Adobe CVE debrief
CVE-2023-4665 is a high-severity privilege escalation vulnerability in Adobe Connect before 9.0. NVD describes it as an incorrect execution-assigned permissions issue, with a CVSS 3.1 score of 8.8 and a vector indicating network access, low privileges, no user interaction, and high impact to confidentiality, integrity, and availability. The NVD record also points to third-party advisories from USOM. There is no KEV listing in the supplied corpus.
- Vendor: Adobe
- Product: Connect
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2023-09-15
- Original CVE updated: 2026-05-21
- Advisory published: 2023-09-15
- Advisory updated: 2026-05-21
Who should care
Organizations running Adobe Connect, especially any deployment exposed to untrusted users or reachable from the internet, should treat this as a priority remediation item. Administrators responsible for identity, authorization, and application access control in Adobe Connect should verify version level and review privilege boundaries.
Technical summary
The supplied NVD data maps CVE-2023-4665 to cpe:2.3:a:adobe:connect:* with vulnerable versions ending before 9.0. The weakness is recorded as CWE-732 by NVD, with a secondary CWE-279 reference from USOM. The issue is framed as incorrect execution-assigned permissions that can allow privilege escalation. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a remotely reachable issue that can be exercised by a low-privileged actor without user interaction and with potentially severe impact.
Defensive priority
High. Apply remediation promptly for any Adobe Connect instance below 9.0, with extra urgency for externally accessible environments or systems that host sensitive meetings, recordings, or administrative functions.
Recommended defensive actions
- Confirm whether any Adobe Connect deployment is running a version earlier than 9.0.
- Prioritize upgrading or otherwise remediating affected instances to a fixed release if available from the vendor.
- Restrict network exposure to Adobe Connect administrative and application interfaces while remediation is pending.
- Review role, permission, and execution boundaries in Adobe Connect for accounts with elevated or delegated access.
- Monitor authentication and authorization logs for abnormal privilege changes or access patterns around the application.
- Track vendor and trusted advisory guidance, including the linked USOM notices, for any additional remediation notes.
Evidence notes
This debrief is based only on the supplied NVD-modified source item and linked official/third-party advisories. Key evidence includes the NVD CPE criterion for adobe:connect with versionEndExcluding 9.0, the CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and NVD/USOM weakness references (CWE-732 primary, CWE-279 secondary). The CVE was published on 2023-09-15 and later modified in NVD on 2026-05-21; those dates are used only as record timeline context. The corpus does not indicate KEV status or known ransomware campaign use.
Official resources
- CVE-2023-4665 CVE record (CVE.org)
- CVE-2023-4665 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Mitigation or vendor reference: [email protected] - Third Party Advisory
Published by the CVE/NVD record on 2023-09-15; NVD record modified on 2026-05-21. No KEV entry is included in the supplied corpus.