CVE-2023-25005

A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0006	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autodesk:infraworks::::::::
	cpe:2.3:a:autodesk:infraworks::::::::
	cpe:2.3:a:autodesk:infraworks:2021.2:-::::::
	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1::::::
	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2::::::
	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_3::::::
	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_4::::::
	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_5::::::
	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_6::::::
	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_7::::::
	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_8::::::
	cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_9::::::
	cpe:2.3:a:autodesk:infraworks:2023.1:-::::::

History

No history.

Information

Published : 2023-05-12 21:15

Updated : 2023-05-26 18:17

NVD link : CVE-2023-25005

Mitre link : CVE-2023-25005

CVE.ORG link : CVE-2023-25005

JSON object : View

Products Affected

autodesk

infraworks

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2023-25005", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-05-12T21:15:09.220", "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0006", "tags": ["Vendor Advisory"], "source": "psirt@autodesk.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability."}], "lastModified": "2023-05-26T18:17:22.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ED3976D-7AEB-4682-A992-39E3FFF21613", "versionEndExcluding": "2021.2", "versionStartIncluding": "2021.0"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B5ED076-764C-400E-8DAD-7F9E0793FD7F", "versionEndExcluding": "2023.1", "versionStartIncluding": "2023.0"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8799159-8E69-4463-96D9-920E64A675B4"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDAE8B1C-5799-4FCB-AA1F-E01C72C545B1"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAB28476-5965-441D-AAEF-F76F7C599F3F"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67C2219C-5B50-4E46-B1F0-68218F1E5AF5"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5684221-8B7C-4ADA-A1A8-727E7F0F67BD"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB247C2B-8221-457A-99F9-39D75D4DB8E4"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3E63C7B-C4A5-4722-88A5-6801AA086915"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CBCFD6F-2195-48AA-B6A9-8EBB7BF1F047"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "280DEA0C-EF21-4C54-8C9D-FC83152F2C86"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "533A6090-B202-49D4-B0C7-7C189EB282AA"}, {"criteria": "cpe:2.3:a:autodesk:infraworks:2023.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71061947-E7CE-44C8-8DAE-779AEDBEC170"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@autodesk.com"}