CVE-2019-7364

EPSS 0.37%
Veröffentlicht 23.08.2019 20:15:10
Zuletzt bearbeitet 21.11.2024 04:48:06
Quelle psirt@autodesk.com
CVE-Watchlists
Login
Unerledigt
Login

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Autodesk ≫ Advance Steel Version2017

Autodesk ≫ Advance Steel Version2018

Autodesk ≫ Advance Steel Version2019

Autodesk ≫ Advance Steel Version2020

Autodesk ≫ Autocad Version2017

Autodesk ≫ Autocad Version2018

Autodesk ≫ Autocad Version2019

Autodesk ≫ Autocad Version2020

Autodesk ≫ Autocad Architecture Version2017

Autodesk ≫ Autocad Architecture Version2018

Autodesk ≫ Autocad Architecture Version2019

Autodesk ≫ Autocad Architecture Version2020

Autodesk ≫ Autocad Electrical Version2017

Autodesk ≫ Autocad Electrical Version2018

Autodesk ≫ Autocad Electrical Version2019

Autodesk ≫ Autocad Electrical Version2020

Autodesk ≫ Autocad Lt Version2017

Autodesk ≫ Autocad Lt Version2018

Autodesk ≫ Autocad Lt Version2019

Autodesk ≫ Autocad Lt Version2020

Autodesk ≫ Autocad Map 3d Version2017

Autodesk ≫ Autocad Map 3d Version2018

Autodesk ≫ Autocad Map 3d Version2019

Autodesk ≫ Autocad Map 3d Version2020

Autodesk ≫ Autocad Mechanical Version2017

Autodesk ≫ Autocad Mechanical Version2018

Autodesk ≫ Autocad Mechanical Version2019

Autodesk ≫ Autocad Mechanical Version2020

Autodesk ≫ Autocad Mep Version2017

Autodesk ≫ Autocad Mep Version2018

Autodesk ≫ Autocad Mep Version2019

Autodesk ≫ Autocad Mep Version2020

Autodesk ≫ Autocad P&id Version2017

Autodesk ≫ Autocad Plant 3d Version2017

Autodesk ≫ Autocad Plant 3d Version2018

Autodesk ≫ Autocad Plant 3d Version2019

Autodesk ≫ Autocad Plant 3d Version2020

Autodesk ≫ Civil 3d Version2017

Autodesk ≫ Civil 3d Version2018

Autodesk ≫ Civil 3d Version2019

Autodesk ≫ Civil 3d Version2020

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.559

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-7364

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-7364

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-7364

EUVD