Lucene search

[email protected]CVE-2019-7364

HistoryAug 23, 2019 - 8:15 p.m.

CVE-2019-7364

2019-08-2320:15:10

CWE-427

[email protected]

web.nvd.nist.gov

105

cve-2019-7364

dll preloading

autodesk

advanced steel

civil 3d

autocad

autocad lt

autocad architecture

autocad electrical

autocad map 3d

autocad mechanical

autocad mep

autocad plant 3d

autocad p&id

code execution

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.6%

JSON

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.

Affected configurations

NVD

Node

autodeskadvance_steelMatch2017

autodeskadvance_steelMatch2018

autodeskadvance_steelMatch2019

autodeskadvance_steelMatch2020

autodeskautocadMatch2017

autodeskautocadMatch2018

autodeskautocadMatch2019

autodeskautocadMatch2020

autodeskautocad_architectureMatch2017

autodeskautocad_architectureMatch2018

autodeskautocad_architectureMatch2019

autodeskautocad_architectureMatch2020

autodeskautocad_electricalMatch2017

autodeskautocad_electricalMatch2018

autodeskautocad_electricalMatch2019

autodeskautocad_electricalMatch2020

autodeskautocad_ltMatch2017

autodeskautocad_ltMatch2018

autodeskautocad_ltMatch2019

autodeskautocad_ltMatch2020

autodeskautocad_map_3dMatch2017

autodeskautocad_map_3dMatch2018

autodeskautocad_map_3dMatch2019

autodeskautocad_map_3dMatch2020

autodeskautocad_mechanicalMatch2017

autodeskautocad_mechanicalMatch2018

autodeskautocad_mechanicalMatch2019

autodeskautocad_mechanicalMatch2020

autodeskautocad_mepMatch2017

autodeskautocad_mepMatch2018

autodeskautocad_mepMatch2019

autodeskautocad_mepMatch2020

autodeskautocad_p\&idMatch2017

autodeskautocad_plant_3dMatch2017

autodeskautocad_plant_3dMatch2018

autodeskautocad_plant_3dMatch2019

autodeskautocad_plant_3dMatch2020

autodeskcivil_3dMatch2017

autodeskcivil_3dMatch2018

autodeskcivil_3dMatch2019

autodeskcivil_3dMatch2020

CPENameOperatorVersion
autodesk:advance_steelautodesk advance steeleq2017
autodesk:advance_steelautodesk advance steeleq2018
autodesk:advance_steelautodesk advance steeleq2019
autodesk:advance_steelautodesk advance steeleq2020
autodesk:autocadautodesk autocadeq2017
autodesk:autocadautodesk autocadeq2018
autodesk:autocadautodesk autocadeq2019
autodesk:autocadautodesk autocadeq2020
autodesk:autocad_architectureautodesk autocad architectureeq2017
autodesk:autocad_architectureautodesk autocad architectureeq2018

CPE	Name	Operator	Version
autodesk:advance_steel	autodesk advance steel	eq	2017
autodesk:advance_steel	autodesk advance steel	eq	2018
autodesk:advance_steel	autodesk advance steel	eq	2019
autodesk:advance_steel	autodesk advance steel	eq	2020
autodesk:autocad	autodesk autocad	eq	2017
autodesk:autocad	autodesk autocad	eq	2018
autodesk:autocad	autodesk autocad	eq	2019
autodesk:autocad	autodesk autocad	eq	2020
autodesk:autocad_architecture	autodesk autocad architecture	eq	2017
autodesk:autocad_architecture	autodesk autocad architecture	eq	2018

Rows per page:

1-10 of 411

CNA Affected

[
  {
    "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD P&ID",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "2017, 2018, 2019, 2020"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.6%

JSON

Related for CVE-2019-7364

prion1 nvd1 cvelist1