Autodesk VRED Pro 2014 < SR1 SP8 Remote Code Execution

critical Nessus Plugin ID 76774

Synopsis

An application on the remote host is affected by a remote code execution vulnerability.

Description

The remote host is running a version of Autodesk VRED Pro that is affected by an unauthenticated remote code execution vulnerability in a Python API exposed by its built-in web server. This can allow a remote attacker to execute arbitrary code on the host.

Solution

Upgrade to Autodesk VRED Pro 2014 SR1 SP8 or higher.

See Also

https://www.autodesk.com/products/vred/overview

Plugin Details

Severity: Critical

ID: 76774

File Name: autodesk_vred_2014_sr1_sp8.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 7/24/2014

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:autodesk:vred

Required KB Items: installed_sw/Autodesk VRED

Exploit Ease: No known exploits are available

Patch Publication Date: 6/26/2014

Vulnerability Publication Date: 6/26/2014

Reference Information

CVE: CVE-2014-2967

BID: 68364

CERT: 402020