6 critical vulnerabilities in several Autodesk software products: Update immediately

Cybersecurity specialists report the detection of multiple vulnerabilities in various products developed by Autodesk. According to the report, successful exploitation of these flaws would allow threat actors to execute arbitrary code on affected systems.

Below are brief descriptions of the reported vulnerabilities, along with their CVE identifiers and the scores assigned under the Common Vulnerability Scoring System (CVSS).

CVE-2022-25789: A use-after-free error in the parsing of DWF, 3DS, and DWFX files would allow remote threat actors to use specially crafted files to execute arbitrary code on affected systems.

This is a high-severity vulnerability and received a CVSS score of 7.7/10.

CVE-2022-27528: A use-after-free flaw in the parsing of DWFX and SKP files would allow remote threat actors to execute arbitrary code using specially crafted files.

This error received a CVSS score of 7.7/10.

CVE-2022-25796: A boundary error in the handling of DWF files would allow remote threat actors to use specially crafted files to execute arbitrary code on the affected system.

The flaw received a CVSS score of 7.7/10 and is considered a high-severity error.

CVE-2022-25792: A boundary error in the parsing of DWF and DXF files would allow threat actors to execute arbitrary code on the affected system through a buffer overflow.

This is a high-severity error and received a CVSS score of 7.7/10.

CVE-2022-25790: A boundary error in the parsing of DWF files would allow threat actors to execute arbitrary code on affected systems.

The flaw received a CVSS score of 7.7/10.

CVE-2022-25791: A boundary error in the parsing of DWF or DWFX files would allow remote threat actors to use specially crafted files to trigger memory corruption and execute arbitrary code on the vulnerable system.

This is a high-severity flaw and received a CVSS score of 7.7/10.

According to the report, these vulnerabilities reside in the following products and versions:

  • Autodesk AutoCAD: 2019 – 2022
  • Autodesk Navisworks: 2022
  • Advance Steel: 2019 – 2022
  • AutoCAD Architecture: 2019 – 2022
  • Autodesk Civil 3D: 2019 – 2022
  • AutoCAD Electrical: 2019 – 2022
  • AutoCAD Map 3D: 2019 – 2022
  • AutoCAD Mechanical: 2019 – 2022
  • AutoCAD MEP: 2019 – 2022
  • AutoCAD Plant 3D: 2019 – 2022
  • AutoCAD LT: 2019 – 2022
  • AutoCAD Mac: 2022
  • AutoCAD Mac LT: 2022

While the vulnerabilities can be exploited by unauthenticated remote threat actors, no active exploitation attempts have been detected so far. Still, Autodesk security teams recommend that users of affected deployments install the appropriate updates.
