Lucene search

AutodeskCVE-2022-27873

HistoryJul 29, 2022 - 4:15 p.m.

CVE-2022-27873

2022-07-2916:15:08

CWE-611

autodesk

web.nvd.nist.gov

2206

cve-2022-27873

vulnerability

autodesk fusion 360

http requests

wan

svg file

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

26.4%

JSON

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.

Affected configurations

Nvd

Node

autodeskfusion_360Range≤2.0.12887

VendorProductVersionCPE
autodeskfusion_360*cpe:2.3:a:autodesk:fusion_360:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
autodesk	fusion_360	*	cpe:2.3:a:autodesk:fusion_360::::::::

CNA Affected

[
  {
    "product": "Fusion360",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "2.0.12887 and prior"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013

Social References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

26.4%

JSON

Related for CVE-2022-27873