CVE-2021-27043

EPSS 0.22%
Veröffentlicht 25.06.2021 13:15:08
Zuletzt bearbeitet 21.11.2024 05:57:14
Quelle psirt@autodesk.com
CVE-Watchlists
Login
Unerledigt
Login

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Autodesk ≫ Advance Steel Version >= 2019 < 2019.1.3

Autodesk ≫ Advance Steel Version >= 2020 < 2020.1.4

Autodesk ≫ Advance Steel Version >= 2021 < 2021.1.1

Autodesk ≫ Advance Steel Version >= 2022 < 2022.0.1

Autodesk ≫ Autocad Version >= 2019 < 2019.1.3

Autodesk ≫ Autocad Version >= 2020 < 2020.1.4

Autodesk ≫ Autocad Version >= 2021 < 2021.1.1

Autodesk ≫ Autocad Version >= 2022 < 2022.0.1

Autodesk ≫ Autocad Architecture Version >= 2019 < 2019.1.3

Autodesk ≫ Autocad Architecture Version >= 2020 < 2020.1.4

Autodesk ≫ Autocad Architecture Version >= 2021 < 2021.1.1

Autodesk ≫ Autocad Architecture Version >= 2022 <= 2022.0.1

Autodesk ≫ Autocad Electrical Version >= 2019 < 2019.1.3

Autodesk ≫ Autocad Electrical Version >= 2020 < 2020.1.4

Autodesk ≫ Autocad Electrical Version >= 2021 < 2021.1.1

Autodesk ≫ Autocad Electrical Version >= 2022 < 2022.0.1

Autodesk ≫ Autocad Lt Version >= 2019 < 2019.1.3

Autodesk ≫ Autocad Lt Version >= 2020 < 2020.1.4

Autodesk ≫ Autocad Lt Version >= 2021 < 2021.1.1

Autodesk ≫ Autocad Lt Version >= 2022 < 2022.0.1

Autodesk ≫ Autocad Map 3d Version >= 2019 < 2019.1.3

Autodesk ≫ Autocad Map 3d Version >= 2020 < 2020.1.4

Autodesk ≫ Autocad Map 3d Version >= 2021 < 2021.1.1

Autodesk ≫ Autocad Map 3d Version >= 2022 < 2022.0.1

Autodesk ≫ Autocad Mechanical Version >= 2019 < 2019.1.3

Autodesk ≫ Autocad Mechanical Version >= 2020 < 2020.1.4

Autodesk ≫ Autocad Mechanical Version >= 2021 < 2021.1.1

Autodesk ≫ Autocad Mechanical Version >= 2022 < 2022.0.1

Autodesk ≫ Autocad Mep Version >= 2019 < 2019.1.3

Autodesk ≫ Autocad Mep Version >= 2020 < 2020.1.4

Autodesk ≫ Autocad Mep Version >= 2021 < 2021.1.1

Autodesk ≫ Autocad Mep Version >= 2022 < 2022.0.1

Autodesk ≫ Autocad Plant 3d Version >= 2019 < 2019.1.3

Autodesk ≫ Autocad Plant 3d Version >= 2020 < 2020.1.4

Autodesk ≫ Autocad Plant 3d Version >= 2021 < 2021.1.1

Autodesk ≫ Autocad Plant 3d Version >= 2022 < 2022.0.1

Autodesk ≫ Civil 3d Version >= 2019 < 2019.1.3

Autodesk ≫ Civil 3d Version >= 2020 < 2020.1.4

Autodesk ≫ Civil 3d Version >= 2021 < 2021.1.1

Autodesk ≫ Civil 3d Version >= 2022 < 2022.0.1

Autodesk ≫ Dwg Trueview Version >= 2022 < 2022.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.443

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-27043

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27043

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27043

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-27043