Lucene search

AutodeskCVE-2024-23122

HistoryFeb 22, 2024 - 2:15 a.m.

CVE-2024-23122

2024-02-2202:15:49

CWE-787

autodesk

web.nvd.nist.gov

3363

cve-2024-23122

3dm file

opennurbs.dll

autodesk autocad

out-of-bound write

vulnerability

security

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

16.0%

JSON

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "AutoCAD, Advance Steel and Civil 3D",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2024, 2023, 2022, 2021"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

16.0%

JSON

Related for CVE-2024-23122