Kaspersky LabKLA10778KLA10778 arbitrary code execution vulnerability in Autodesk Backburner
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.007 Low
EPSS
Percentile
80.1%
Detect date:
03/28/2016
Severity:
Critical
Description:
An unspecified vulnerability was found in Autodesk Backburner. By exploiting this vulnerability malicious users can cause denial of service or execute arbitrary code. This vulnerability can be exploited remotely via a specially designed command.
Affected products:
Autodesk Backburner 2016 versions 2016.0.0.2150 and earlier
Solution:
At this moment vendor does not released patch. Try to update as soon as patch released. While there is no update you can restrict access to manager service. For further instructions and links look at original advisory.
Original advisories:
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2016-23447.8Critical
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.007 Low
EPSS
Percentile
80.1%