Lucene search

AutodeskCVE-2024-23158

HistoryJun 25, 2024 - 4:15 a.m.

CVE-2024-23158

2024-06-2504:15:14

CWE-416

autodesk

web.nvd.nist.gov

iges file vulnerability

use-after-free

autodesk applications

arbitrary code execution

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

29.1%

JSON

A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "AutoCAD, Advance Steel and Civil 3D",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2024"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

29.1%

JSON

Related for CVE-2024-23158