CVE-2022-33887 - OpenCVE

A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Autodesk	Autocad Mechanical Autocad Advance Steel Autocad Architecture Autocad Plant 3d Autocad Map 3d Autocad Mep Autocad Electrical Autocad Lt Autocad Autocad Civil 3d

Configuration 1 [-]

OR	cpe:2.3:a:autodesk:autocad::::::::
	cpe:2.3:a:autodesk:autocad::::::::
	cpe:2.3:a:autodesk:autocad_advance_steel::::::::
	cpe:2.3:a:autodesk:autocad_advance_steel::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_civil_3d::::::::
	cpe:2.3:a:autodesk:autocad_civil_3d::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_lt::::::::
	cpe:2.3:a:autodesk:autocad_lt::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::

References

Link	Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: autodesk

Published: 2022-10-03T14:24:56

Updated: 2022-10-03T14:24:56

Reserved: 2022-06-16T00:00:00

Link: CVE-2022-33887

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-10-03T15:15:17.230

Modified: 2022-10-05T19:12:27.707

Link: CVE-2022-33887

JSON object: View

Redhat Information

No data.

CWE

CWE-755

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "matchCriteriaId": "5829F52D-F61C-4B79-B724-3388B1B1723A", "versionEndExcluding": "2022.1.3", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "matchCriteriaId": "70C48E66-DF91-4F0B-B93D-F6372BFC55C9", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCB04040-8C83-4381-B762-61F0ED8C8CC0", "versionEndExcluding": "2022.1.3", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", "matchCriteriaId": "57C7CD03-53D7-4224-82AE-F7CD929E3F92", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "matchCriteriaId": "D042F7CF-2694-437E-B60A-4C324EBAB1F0", "versionEndExcluding": "2022.1.3", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF68C32D-7015-4513-BEB2-2CFD08DC799B", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A628855-3BE7-4B40-AFB7-7819CBD88D21", "versionEndExcluding": "2022.1.3", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "A42B62B9-0ABA-4BE8-9115-6E633664FCE6", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "matchCriteriaId": "731F5891-D398-49AE-BA04-179D9FD18ED2", "versionEndExcluding": "2022.1.3", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "matchCriteriaId": "E009D956-E27B-435B-A308-9279A7DA2087", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", "matchCriteriaId": "0982CCA5-8834-43D7-8596-F330D7A0A52B", "versionEndExcluding": "2022.1.3", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", "matchCriteriaId": "B937A033-FDA2-461E-8697-2341A9DE23DB", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FABCBE5-BF7B-4D2E-A886-8D38B3B82872", "versionEndExcluding": "2022.1.3", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "19A43BB0-22A6-4715-B556-1DE7CDCAF616", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC2B3E51-4AAD-4A1E-951D-6428A0C8D6BA", "versionEndExcluding": "2022.1.3", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE681603-E303-4759-B301-37BACF233C76", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1456E3E-3B38-42E2-96FE-B14361E30CB2", "versionEndExcluding": "2022.1.3", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9601144-D1E1-4F8A-A6C0-447E17F14337", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "74942A53-8D7E-4706-B9C3-EB1C03488684", "versionEndExcluding": "2022.1.3", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B95D329-E683-4128-8FC4-300CA974F1F1", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process."}, {"lang": "es", "value": "Un archivo PDF dise\u00f1ado de forma maliciosa cuando es analizado mediante Autodesk AutoCAD versi\u00f3n 2023 causa una excepci\u00f3n no controlada. Un atacante puede aprovechar esta vulnerabilidad para causar un bloqueo o leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual"}], "id": "CVE-2022-33887", "lastModified": "2022-10-05T19:12:27.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-03T15:15:17.230", "references": [{"source": "psirt@autodesk.com", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}