Search
Find a vulnerability
Search criteria
2 vulnerabilities found for fusion_360 by autodesk
CVE-2022-27873 (GCVE-0-2022-27873)
Vulnerability from nvd – Published: 2022-07-29 15:17 – Updated: 2024-08-03 05:41
VLAI
Summary
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.
Severity
No CVSS data available.
CWE
- XML External Entities (XXE)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.autodesk.com/trust/security-advisorie… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:10.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fusion360",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.0.12887 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker can force the victim\u2019s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360\u2019s document parser. The vulnerability exists in the application\u2019s \u2018Insert SVG\u2019 procedure. An attacker can also leverage this vulnerability to obtain victim\u2019s public IP and possibly other sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-29T15:17:03.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2022-27873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fusion360",
"version": {
"version_data": [
{
"version_value": "2.0.12887 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker can force the victim\u2019s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360\u2019s document parser. The vulnerability exists in the application\u2019s \u2018Insert SVG\u2019 procedure. An attacker can also leverage this vulnerability to obtain victim\u2019s public IP and possibly other sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-27873",
"datePublished": "2022-07-29T15:17:03.000Z",
"dateReserved": "2022-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:41:10.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27873 (GCVE-0-2022-27873)
Vulnerability from cvelistv5 – Published: 2022-07-29 15:17 – Updated: 2024-08-03 05:41
VLAI
Summary
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.
Severity
No CVSS data available.
CWE
- XML External Entities (XXE)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.autodesk.com/trust/security-advisorie… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:10.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fusion360",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.0.12887 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker can force the victim\u2019s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360\u2019s document parser. The vulnerability exists in the application\u2019s \u2018Insert SVG\u2019 procedure. An attacker can also leverage this vulnerability to obtain victim\u2019s public IP and possibly other sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-29T15:17:03.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2022-27873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fusion360",
"version": {
"version_data": [
{
"version_value": "2.0.12887 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker can force the victim\u2019s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360\u2019s document parser. The vulnerability exists in the application\u2019s \u2018Insert SVG\u2019 procedure. An attacker can also leverage this vulnerability to obtain victim\u2019s public IP and possibly other sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-27873",
"datePublished": "2022-07-29T15:17:03.000Z",
"dateReserved": "2022-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:41:10.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}