Lucene search

AutodeskCVE-2022-33887

HistoryOct 03, 2022 - 3:15 p.m.

CVE-2022-33887

2022-10-0315:15:17

CWE-755

autodesk

web.nvd.nist.gov

pdf

autodesk

autocad

vulnerability

cve-2022-33887

nvd

unhandled exception

data leakage

arbitrary code

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.8%

JSON

A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

Affected configurations

Nvd

Node

autodeskautocadRange2022–2022.1.3

autodeskautocadRange2023–2023.1.1

autodeskautocad_advance_steelRange2022–2022.1.3

autodeskautocad_advance_steelRange2023–2023.1.1

autodeskautocad_architectureRange2022–2022.1.3

autodeskautocad_architectureRange2023–2023.1.1

autodeskautocad_civil_3dRange2022–2022.1.3

autodeskautocad_civil_3dRange2023–2023.1.1

autodeskautocad_electricalRange2022–2022.1.3

autodeskautocad_electricalRange2023–2023.1.1

autodeskautocad_ltRange2022–2022.1.3

autodeskautocad_ltRange2023–2023.1.1

autodeskautocad_map_3dRange2022–2022.1.3

autodeskautocad_map_3dRange2023–2023.1.1

autodeskautocad_mechanicalRange2022–2022.1.3

autodeskautocad_mechanicalRange2023–2023.1.1

autodeskautocad_mepRange2022–2022.1.3

autodeskautocad_mepRange2023–2023.1.1

autodeskautocad_plant_3dRange2022–2022.1.3

autodeskautocad_plant_3dRange2023–2023.1.1

VendorProductVersionCPE
autodeskautocad*cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
autodeskautocad_advance_steel*cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
autodeskautocad_architecture*cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
autodeskautocad_civil_3d*cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
autodeskautocad_electrical*cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
autodeskautocad_lt*cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
autodeskautocad_map_3d*cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
autodeskautocad_mechanical*cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
autodeskautocad_mep*cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
autodeskautocad_plant_3d*cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
autodesk	autocad	*	cpe:2.3:a:autodesk:autocad::::::::
autodesk	autocad_advance_steel	*	cpe:2.3:a:autodesk:autocad_advance_steel::::::::
autodesk	autocad_architecture	*	cpe:2.3:a:autodesk:autocad_architecture::::::::
autodesk	autocad_civil_3d	*	cpe:2.3:a:autodesk:autocad_civil_3d::::::::
autodesk	autocad_electrical	*	cpe:2.3:a:autodesk:autocad_electrical::::::::
autodesk	autocad_lt	*	cpe:2.3:a:autodesk:autocad_lt::::::::
autodesk	autocad_map_3d	*	cpe:2.3:a:autodesk:autocad_map_3d::::::::
autodesk	autocad_mechanical	*	cpe:2.3:a:autodesk:autocad_mechanical::::::::
autodesk	autocad_mep	*	cpe:2.3:a:autodesk:autocad_mep::::::::
autodesk	autocad_plant_3d	*	cpe:2.3:a:autodesk:autocad_plant_3d::::::::

CNA Affected

[
  {
    "product": "utodesk® AutoCAD®, Advance Steel and Civil 3D®",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "2023, 2022"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020

Social References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.8%

JSON

Related for CVE-2022-33887