Lucene search

[email protected]NVD:CVE-2024-23137

HistoryFeb 22, 2024 - 5:15 a.m.

CVE-2024-23137

2024-02-2205:15:09

CWE-457

[email protected]

web.nvd.nist.gov

cve-2024-23137

stp

sldprt

uninitialized variable

code execution

autodesk autocad

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

16.0%

JSON

A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

16.0%

JSON

Related for NVD:CVE-2024-23137

prion1 vulnrichment1 zdi3 cve1 cvelist1 nessus2