Autodesk VRED Pro 2014 < SR1 SP8 Remote Code Execution

Critical Nessus Plugin ID 76774


An application on the remote host is affected by a remote code execution vulnerability.


The remote host has a version of Autodesk VRED Pro that is vulnerable to an unauthenticated remote code execution via a Python API exposed by its built-in web server. This can allow a remote attacker to execute arbitrary code on the host.


Upgrade to Autodesk VRED Pro 2014 SR1 SP8 or higher.

See Also

Plugin Details

Severity: Critical

ID: 76774

File Name: autodesk_vred_2014_sr1_sp8.nasl

Version: $Revision: 1.1 $

Type: local

Agent: windows

Family: Windows

Published: 2014/07/24

Modified: 2014/07/25

Dependencies: 76773

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:autodesk:vred

Required KB Items: installed_sw/Autodesk VRED

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/06/26

Vulnerability Publication Date: 2014/06/26

Reference Information

CVE: CVE-2014-2967

BID: 68364

OSVDB: 108712

CERT: 402020