Autodesk FBX-SDK library <= 2019.5 Multiple Vulnerabilities (ADSK-SA-2020-0002)

high Nessus Plugin ID 135973

Synopsis

The Autodesk FBX-SDK library installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Autodesk FBX-SDK library installed on the remote host is prior to 2019.5. It is, therefore, affected by the following vulnerabilities:

- A buffer overflow vulnerability in the Autodesk FBX-SDK may lead to arbitrary code execution on a system running it. (CVE-2020-7080)

- A type confusion vulnerability in the Autodesk FBX-SDK may lead to arbitrary code read/write on the system running it. (CVE-2020-7081)

- A use-after-free vulnerability in the Autodesk FBX-SDK may lead to code execution on a system running it. (CVE-2020-7082)

- An integer overflow vulnerability in the Autodesk FBX-SDK may lead to denial of service of the application. (CVE-2020-7083)

- A NULL pointer dereference vulnerability in the Autodesk FBX-SDK may lead to denial of service of the application. (CVE-2020-7084)

- A heap overflow vulnerability in the Autodesk FBX-SDK may lead to arbitrary code execution on a system running it. (CVE-2020-7085)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Autodesk FBX-SDK library version 2020 or later.

See Also

https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002

Plugin Details

Severity: High

ID: 135973

File Name: autodesk_fbx-sdk_adsk-sa-2020-0002.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 4/24/2020

Updated: 5/13/2022

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2020-7085

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

CVSS Score Source: CVE-2020-7082

Vulnerability Information

CPE: cpe:/a:autodesk:fbx_software_development_kit

Required KB Items: installed_sw/FBX SDK

Exploit Ease: No known exploits are available

Patch Publication Date: 4/15/2020

Vulnerability Publication Date: 4/15/2020

Reference Information

CVE: CVE-2020-7080, CVE-2020-7081, CVE-2020-7082, CVE-2020-7083, CVE-2020-7084, CVE-2020-7085

IAVA: 2020-A-0170