Detections
Analytics
Autodesk AutoCAD Multiple Vulnerabilities (adsk-sa-2022-0021)
high Nessus Plugin ID 168371
Language:
Synopsis
The version of Autodesk AutoCAD installed on the remote Windows host is affected by multiple vulnerabilities.Description
The version of Autodesk AutoCAD installed on the remote Windows host is a version prior to 2020.1.6, 2021.1.3, 2022.1.3 or 2023.1.1. It is, therefore, affected by multiple vulnerabilities.- A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023, 2022, 2021 and 2020 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution. (CVE-2022-33889)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Autodesk AutoCAD version 2020.1.6, 2021.1.3, 2022.1.3, 2023.1.1 or later.See Also
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021
Plugin Details
Severity: High
ID: 168371
File Name: autodesk_autocad_adsk-sa-2022-0021.nasl
Version: 1.3
Type: local
Agent: windows
Family: Windows
Published: 12/2/2022
Updated: 4/17/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2022-33889
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:autodesk:autocad
Required KB Items: SMB/Registry/Enumerated, installed_sw/Autodesk AutoCAD
Exploit Ease: No known exploits are available
Patch Publication Date: 9/30/2022
Vulnerability Publication Date: 9/30/2022
Reference Information
CVE: CVE-2022-33889
IAVA: 2022-A-0503