Lucene search

[email protected]CVE-2021-40158

HistoryJan 25, 2022 - 8:15 p.m.

CVE-2021-40158

2022-01-2520:15:08

CWE-125

[email protected]

web.nvd.nist.gov

cve-2021-40158

autodesk

inventor

autocad

code execution

jt file

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON

A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected configurations

NVD

Node

autodeskadvance_steelRange2022–2022.1.2

autodeskautocadRange2022–2022.1.2

autodeskautocad_architectureRange2022–2022.1.2

autodeskautocad_electricalRange2022–2022.1.2

autodeskautocad_ltRange2022–2022.1.2

autodeskautocad_map_3dRange2022–2022.1.2

autodeskautocad_mechanicalRange2022–2022.1.2

autodeskautocad_mepRange2022–2022.1.2

autodeskautocad_plant_3dRange2022–2022.1.2

autodeskcivil_3dRange2022–2022.1.2

autodeskinventorRange2022–2022.2

autodeskinventorMatch2019

autodeskinventorMatch2020

autodeskinventorMatch2021

CPENameOperatorVersion
autodesk:advance_steelautodesk advance steellt2022.1.2
autodesk:autocadautodesk autocadlt2022.1.2
autodesk:autocad_architectureautodesk autocad architecturelt2022.1.2
autodesk:autocad_electricalautodesk autocad electricallt2022.1.2
autodesk:autocad_ltautodesk autocad ltlt2022.1.2
autodesk:autocad_map_3dautodesk autocad map 3dlt2022.1.2
autodesk:autocad_mechanicalautodesk autocad mechanicallt2022.1.2
autodesk:autocad_mepautodesk autocad meplt2022.1.2
autodesk:autocad_plant_3dautodesk autocad plant 3dlt2022.1.2
autodesk:civil_3dautodesk civil 3dlt2022.1.2

CPE	Name	Operator	Version
autodesk:advance_steel	autodesk advance steel	lt	2022.1.2
autodesk:autocad	autodesk autocad	lt	2022.1.2
autodesk:autocad_architecture	autodesk autocad architecture	lt	2022.1.2
autodesk:autocad_electrical	autodesk autocad electrical	lt	2022.1.2
autodesk:autocad_lt	autodesk autocad lt	lt	2022.1.2
autodesk:autocad_map_3d	autodesk autocad map 3d	lt	2022.1.2
autodesk:autocad_mechanical	autodesk autocad mechanical	lt	2022.1.2
autodesk:autocad_mep	autodesk autocad mep	lt	2022.1.2
autodesk:autocad_plant_3d	autodesk autocad plant 3d	lt	2022.1.2
autodesk:civil_3d	autodesk civil 3d	lt	2022.1.2

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Inventor",
    "versions": [
      {
        "version": "2022, 2021, 2020, 2019",
        "status": "affected"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002

www.zerodayinitiative.com/advisories/ZDI-22-281/

www.zerodayinitiative.com/advisories/ZDI-22-283/

www.zerodayinitiative.com/advisories/ZDI-22-284/

www.zerodayinitiative.com/advisories/ZDI-22-285/

www.zerodayinitiative.com/advisories/ZDI-22-286/

www.zerodayinitiative.com/advisories/ZDI-22-287/

www.zerodayinitiative.com/advisories/ZDI-22-288/

www.zerodayinitiative.com/advisories/ZDI-22-441/

www.zerodayinitiative.com/advisories/ZDI-22-443/

www.zerodayinitiative.com/advisories/ZDI-22-444/

www.zerodayinitiative.com/advisories/ZDI-22-445/

www.zerodayinitiative.com/advisories/ZDI-22-447/

www.zerodayinitiative.com/advisories/ZDI-22-448/

www.zerodayinitiative.com/advisories/ZDI-22-449/

www.zerodayinitiative.com/advisories/ZDI-22-450/

www.zerodayinitiative.com/advisories/ZDI-22-451/

www.zerodayinitiative.com/advisories/ZDI-22-452/

www.zerodayinitiative.com/advisories/ZDI-22-453/

www.zerodayinitiative.com/advisories/ZDI-22-454/

www.zerodayinitiative.com/advisories/ZDI-22-455/

www.zerodayinitiative.com/advisories/ZDI-22-466/

Social References

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON

Related for CVE-2021-40158

zdi21 prion1 nvd1 cvelist1