AutodeskCVE-2021-27043CVE-2021-27043
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
44.0%
An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| autodesk | advance_steel | * | cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:* |
| autodesk | autocad | * | cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* |
| autodesk | autocad_architecture | * | cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* |
| autodesk | autocad_electrical | * | cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* |
| autodesk | autocad_lt | * | cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* |
| autodesk | autocad_map_3d | * | cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* |
| autodesk | autocad_mechanical | * | cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* |
| autodesk | autocad_mep | * | cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* |
| autodesk | autocad_plant_3d | * | cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* |
| autodesk | civil_3d | * | cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1.1"
}
]
}
]Social References
More
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
44.0%