Lucene search

[email protected]CVE-2021-40161

HistoryDec 23, 2021 - 7:15 p.m.

CVE-2021-40161

2021-12-2319:15:12

CWE-787

[email protected]

web.nvd.nist.gov

cve-2021-40161

memory corruption

pdftron

dll files

code execution

security vulnerability

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.7%

JSON

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.

Affected configurations

NVD

Node

autodeskrevitRange<2020.2.5

autodeskrevitRange2021–2021.1.6

autodeskrevitRange2022–2022.1.2

Node

autodesknavisworksRange<2019.6

autodesknavisworksRange2020–2020.4

autodesknavisworksRange2021–2021.3

autodesknavisworksRange2022–2022.2

Node

autodeskadvance_steelRange<2019.1.4

autodeskadvance_steelRange2020–2020.1.5

autodeskadvance_steelRange2021–2021.1.2

autodeskadvance_steelRange2022–2022.1.2

Node

autodeskautocadRange<2019.1.4

autodeskautocadRange2020–2020.1.5

autodeskautocadRange2021–2021.1.2

autodeskautocadRange2022–2022.1.2

Node

autodeskautocad_architectureRange<2019.1.4

autodeskautocad_architectureRange2020–2020.1.5

autodeskautocad_architectureRange2021–2021.1.2

autodeskautocad_architectureRange2022–2022.1.2

Node

autodeskautocad_electricalRange<2019.1.4

autodeskautocad_electricalRange2020–2020.1.5

autodeskautocad_electricalRange2021–2021.1.2

autodeskautocad_electricalRange2022–2022.1.2

Node

autodeskautocad_map_3dRange<2019.1.4

autodeskautocad_map_3dRange2020–2020.1.5

autodeskautocad_map_3dRange2021–2021.1.2

autodeskautocad_map_3dRange2022–2022.1.2

Node

autodeskautocad_mechanicalRange<2019.1.4

autodeskautocad_mechanicalRange2020–2020.1.5

autodeskautocad_mechanicalRange2021–2021.1.2

autodeskautocad_mechanicalRange2022–2022.1.2

Node

autodeskautocad_mepRange<2019.1.4

autodeskautocad_mepRange2020–2020.1.5

autodeskautocad_mepRange2021–2021.1.2

autodeskautocad_mepRange2022–2022.1.2

Node

autodeskautocad_plant_3dRange<2019.1.4

autodeskautocad_plant_3dRange2020–2020.1.5

autodeskautocad_plant_3dRange2021–2021.1.2

autodeskautocad_plant_3dRange2022–2022.1.2

Node

autodeskautocad_ltRange<2019.1.4

autodeskautocad_ltRange2020–2020.1.5

autodeskautocad_ltRange2021–2021.1.2

autodeskautocad_ltRange2022–2022.1.2

Node

autodeskcivil_3dRange<2019.1.4

autodeskcivil_3dRange2020–2020.1.5

autodeskcivil_3dRange2021–2021.1.2

autodeskcivil_3dRange2022–2022.1.2

Node

autodeskautocadRange2022–2022.2macos

autodeskautocadMatch2020macos

autodeskautocadMatch2021macos

autodeskautocadMatch2022macos

Node

autodeskautocad_ltRange2022–2022.2macos

autodeskautocad_ltMatch2020macos

autodeskautocad_ltMatch2021macos

Node

autodeskdesign_reviewMatch2018-

autodeskdesign_reviewMatch2018hotfix

autodeskdesign_reviewMatch2018hotfix2

autodeskdesign_reviewMatch2018hotfix3

autodeskdesign_reviewMatch2018hotfix4

CPENameOperatorVersion
autodesk:revitautodesk revitlt2020.2.5
autodesk:revitautodesk revitlt2021.1.6
autodesk:revitautodesk revitlt2022.1.2

CPE	Name	Operator	Version
autodesk:revit	autodesk revit	lt	2020.2.5
autodesk:revit	autodesk revit	lt	2021.1.6
autodesk:revit	autodesk revit	lt	2022.1.2

CNA Affected

[
  {
    "product": "Revit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT,  Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 9.0.7"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010

Social References

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.7%

JSON

Related for CVE-2021-40161

cvelist1 cnvd1 nvd1 prion1