Lucene search

AutodeskCVE-2024-23137

HistoryFeb 22, 2024 - 5:15 a.m.

CVE-2024-23137

2024-02-2205:15:09

CWE-457

autodesk

web.nvd.nist.gov

3369

malware

stp

sldprt

vulnerability

code execution

autodesk autocad

security

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

Percentile

16.0%

JSON

A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "AutoCAD, Advance Steel and Civil 3D",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2024, 2023, 2022, 2021"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

Percentile

16.0%

JSON

Related for CVE-2024-23137