Lucene search

AutodeskCVE-2023-25005

HistoryMay 12, 2023 - 9:15 p.m.

CVE-2023-25005

2023-05-1221:15:09

CWE-427

autodesk

web.nvd.nist.gov

cve-2023-25005

dll parsing

resource injection

autodesk infraworks

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.

Affected configurations

Nvd

Node

autodeskinfraworksRange2021.0–2021.2

autodeskinfraworksRange2023.0–2023.1

autodeskinfraworksMatch2021.2-

autodeskinfraworksMatch2021.2hotfix_1

autodeskinfraworksMatch2021.2hotfix_2

autodeskinfraworksMatch2021.2hotfix_3

autodeskinfraworksMatch2021.2hotfix_4

autodeskinfraworksMatch2021.2hotfix_5

autodeskinfraworksMatch2021.2hotfix_6

autodeskinfraworksMatch2021.2hotfix_7

autodeskinfraworksMatch2021.2hotfix_8

autodeskinfraworksMatch2021.2hotfix_9

autodeskinfraworksMatch2023.1-

VendorProductVersionCPE
autodeskinfraworks*cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*
autodeskinfraworks2021.2cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:*
autodeskinfraworks2021.2cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:*
autodeskinfraworks2021.2cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:*
autodeskinfraworks2021.2cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_3:*:*:*:*:*:*
autodeskinfraworks2021.2cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_4:*:*:*:*:*:*
autodeskinfraworks2021.2cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_5:*:*:*:*:*:*
autodeskinfraworks2021.2cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_6:*:*:*:*:*:*
autodeskinfraworks2021.2cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_7:*:*:*:*:*:*
autodeskinfraworks2021.2cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_8:*:*:*:*:*:*

Vendor	Product	Version	CPE
autodesk	infraworks	*	cpe:2.3:a:autodesk:infraworks::::::::
autodesk	infraworks	2021.2	cpe:2.3:a:autodesk:infraworks:2021.2:-::::::
autodesk	infraworks	2021.2	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1::::::
autodesk	infraworks	2021.2	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2::::::
autodesk	infraworks	2021.2	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_3::::::
autodesk	infraworks	2021.2	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_4::::::
autodesk	infraworks	2021.2	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_5::::::
autodesk	infraworks	2021.2	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_6::::::
autodesk	infraworks	2021.2	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_7::::::
autodesk	infraworks	2021.2	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_8::::::

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Autodesk InfraWorks",
    "versions": [
      {
        "version": "2023, 2021",
        "status": "affected"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2023-0006

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

Related for CVE-2023-25005