CVE-2021-40155

EPSS 0.42%
Veröffentlicht 15.09.2021 17:15:10
Zuletzt bearbeitet 21.11.2024 06:23:40
Quelle psirt@autodesk.com
CVE-Watchlists
Login
Unerledigt
Login

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Autodesk ≫ Navisworks Version2019

Autodesk ≫ Navisworks Version2020

Autodesk ≫ Navisworks Version2021

Autodesk ≫ Navisworks Version2022

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.589

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-40155

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40155

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40155

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-40155