CVE-2022-33881

2022-07-2916:15:09

CWE-125

[email protected]

web.nvd.nist.gov

cve-2022-33881

vulnerability

autocad

code execution

security

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

29.0%

JSON

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected configurations

NVD

Node

autodeskautocadMatch2023

autodeskautocad_advance_steelMatch2023

autodeskautocad_architectureMatch2023

autodeskautocad_civil_3dMatch2023

autodeskautocad_electricalMatch2023

autodeskautocad_ltMatch2023

autodeskautocad_map_3dMatch2023

autodeskautocad_mechanicalMatch2023

autodeskautocad_mepMatch2023

autodeskautocad_plant_3dMatch2023

CPENameOperatorVersion
autodesk:autocadautodesk autocadeq2023
autodesk:autocad_advance_steelautodesk autocad advance steeleq2023
autodesk:autocad_architectureautodesk autocad architectureeq2023
autodesk:autocad_civil_3dautodesk autocad civil 3deq2023
autodesk:autocad_electricalautodesk autocad electricaleq2023
autodesk:autocad_ltautodesk autocad lteq2023
autodesk:autocad_map_3dautodesk autocad map 3deq2023
autodesk:autocad_mechanicalautodesk autocad mechanicaleq2023
autodesk:autocad_mepautodesk autocad mepeq2023
autodesk:autocad_plant_3dautodesk autocad plant 3deq2023

CPE	Name	Operator	Version
autodesk:autocad	autodesk autocad	eq	2023
autodesk:autocad_advance_steel	autodesk autocad advance steel	eq	2023
autodesk:autocad_architecture	autodesk autocad architecture	eq	2023
autodesk:autocad_civil_3d	autodesk autocad civil 3d	eq	2023
autodesk:autocad_electrical	autodesk autocad electrical	eq	2023
autodesk:autocad_lt	autodesk autocad lt	eq	2023
autodesk:autocad_map_3d	autodesk autocad map 3d	eq	2023
autodesk:autocad_mechanical	autodesk autocad mechanical	eq	2023
autodesk:autocad_mep	autodesk autocad mep	eq	2023
autodesk:autocad_plant_3d	autodesk autocad plant 3d	eq	2023

CNA Affected

[
  {
    "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "2023"
      }
    ]
  }
]