Lucene search

[email protected]NVD:CVE-2023-27915

HistoryApr 14, 2023 - 7:15 p.m.

CVE-2023-27915

2023-04-1419:15:09

CWE-787

[email protected]

web.nvd.nist.gov

autodesk

autocad

2023

x_b file

memory corruption

vulnerability

read access violation

code execution

current process

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

27.3%

JSON

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected configurations

Nvd

Node

autodeskautocadRange2023–2023.1.3

autodeskautocad_advance_steelRange2023–2023.1.3

autodeskautocad_architectureRange2023–2023.1.3

autodeskautocad_civil_3dRange2023–2023.1.3

autodeskautocad_electricalRange2023–2023.1.3

autodeskautocad_ltRange2023–2023.1.3

autodeskautocad_map_3dRange2023–2023.1.3

autodeskautocad_mechanicalRange2023–2023.1.3

autodeskautocad_mepRange2023–2023.1.3

autodeskautocad_plant_3dRange2023–2023.1.3

VendorProductVersionCPE
autodeskautocad*cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
autodeskautocad_advance_steel*cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
autodeskautocad_architecture*cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
autodeskautocad_civil_3d*cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
autodeskautocad_electrical*cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
autodeskautocad_lt*cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
autodeskautocad_map_3d*cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
autodeskautocad_mechanical*cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
autodeskautocad_mep*cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
autodeskautocad_plant_3d*cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
autodesk	autocad	*	cpe:2.3:a:autodesk:autocad::::::::
autodesk	autocad_advance_steel	*	cpe:2.3:a:autodesk:autocad_advance_steel::::::::
autodesk	autocad_architecture	*	cpe:2.3:a:autodesk:autocad_architecture::::::::
autodesk	autocad_civil_3d	*	cpe:2.3:a:autodesk:autocad_civil_3d::::::::
autodesk	autocad_electrical	*	cpe:2.3:a:autodesk:autocad_electrical::::::::
autodesk	autocad_lt	*	cpe:2.3:a:autodesk:autocad_lt::::::::
autodesk	autocad_map_3d	*	cpe:2.3:a:autodesk:autocad_map_3d::::::::
autodesk	autocad_mechanical	*	cpe:2.3:a:autodesk:autocad_mechanical::::::::
autodesk	autocad_mep	*	cpe:2.3:a:autodesk:autocad_mep::::::::
autodesk	autocad_plant_3d	*	cpe:2.3:a:autodesk:autocad_plant_3d::::::::

References

www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

27.3%

JSON

Related for NVD:CVE-2023-27915

cvelist1 cve1 prion1