Lucene search

[email protected]CVE-2019-7360

HistoryApr 09, 2019 - 8:30 p.m.

CVE-2019-7360

2019-04-0920:30:21

CWE-416

[email protected]

web.nvd.nist.gov

cve-2019-7360

dxf

parsing

use-after-free

vulnerability

autodesk

advance steel

autocad

architecture

electrical

map 3d

mechanical

mep

p&id

plant 3d

civil 3d

code execution

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

38.8%

JSON

An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution.

Affected configurations

NVD

Node

autodeskadvance_steelMatch2018

autodeskautocadMatch2018

autodeskautocad_architectureMatch2018

autodeskautocad_electricalMatch2018

autodeskautocad_ltMatch2018

autodeskautocad_map_3dMatch2018

autodeskautocad_mechanicalMatch2018

autodeskautocad_mepMatch2018

autodeskautocad_p\&idMatch2018

autodeskautocad_plant_3dMatch2018

autodeskcivil_3dMatch2018

CPENameOperatorVersion
autodesk:advance_steelautodesk advance steeleq2018
autodesk:autocadautodesk autocadeq2018
autodesk:autocad_architectureautodesk autocad architectureeq2018
autodesk:autocad_electricalautodesk autocad electricaleq2018
autodesk:autocad_ltautodesk autocad lteq2018
autodesk:autocad_map_3dautodesk autocad map 3deq2018
autodesk:autocad_mechanicalautodesk autocad mechanicaleq2018
autodesk:autocad_mepautodesk autocad mepeq2018
autodesk:autocad_p\&idautodesk autocad p&ideq2018
autodesk:autocad_plant_3dautodesk autocad plant 3deq2018

CPE	Name	Operator	Version
autodesk:advance_steel	autodesk advance steel	eq	2018
autodesk:autocad	autodesk autocad	eq	2018
autodesk:autocad_architecture	autodesk autocad architecture	eq	2018
autodesk:autocad_electrical	autodesk autocad electrical	eq	2018
autodesk:autocad_lt	autodesk autocad lt	eq	2018
autodesk:autocad_map_3d	autodesk autocad map 3d	eq	2018
autodesk:autocad_mechanical	autodesk autocad mechanical	eq	2018
autodesk:autocad_mep	autodesk autocad mep	eq	2018
autodesk:autocad_p\&id	autodesk autocad p&id	eq	2018
autodesk:autocad_plant_3d	autodesk autocad plant 3d	eq	2018

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "product": "Autodesk Civil 3D",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2018"
      }
    ]
  },
  {
    "product": "Autodesk Advance Steel",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2018"
      }
    ]
  },
  {
    "product": "Autodesk AutoCAD",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2018"
      }
    ]
  },
  {
    "product": "Autodesk AutoCAD Architecture",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2018"
      }
    ]
  },
  {
    "product": "Autodesk AutoCAD Electrical",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2018"
      }
    ]
  },
  {
    "product": "Autodesk AutoCAD Map 3D",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2018"
      }
    ]
  },
  {
    "product": "Autodesk AutoCAD Mechanical",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2018"
      }
    ]
  },
  {
    "product": "Autodesk AutoCAD MEP",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2018"
      }
    ]
  },
  {
    "product": "Autodesk AutoCAD P&ID",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2018"
      }
    ]
  },
  {
    "product": "Autodesk AutoCAD Plant 3D",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2018"
      }
    ]
  },
  {
    "product": "Autodesk AutoCAD LT",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2018"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

38.8%

JSON

Related for CVE-2019-7360

talos1 cvelist1 prion1 nvd1