Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for fusion_360 by autodesk

    CVE-2022-27873 (GCVE-0-2022-27873)

    Vulnerability from nvd – Published: 2022-07-29 15:17 – Updated: 2024-08-03 05:41
    VLAI
    Summary
    An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.
    Severity
    No CVSS data available.
    CWE
    • XML External Entities (XXE)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Fusion360 Affected: 2.0.12887 and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:41:10.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fusion360",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.12887 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker can force the victim\u2019s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360\u2019s document parser. The vulnerability exists in the application\u2019s \u2018Insert SVG\u2019 procedure. An attacker can also leverage this vulnerability to obtain victim\u2019s public IP and possibly other sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XML External Entities (XXE)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-29T15:17:03.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@autodesk.com",
              "ID": "CVE-2022-27873",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fusion360",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.12887 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker can force the victim\u2019s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360\u2019s document parser. The vulnerability exists in the application\u2019s \u2018Insert SVG\u2019 procedure. An attacker can also leverage this vulnerability to obtain victim\u2019s public IP and possibly other sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XML External Entities (XXE)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013",
                  "refsource": "MISC",
                  "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2022-27873",
        "datePublished": "2022-07-29T15:17:03.000Z",
        "dateReserved": "2022-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:41:10.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27873 (GCVE-0-2022-27873)

    Vulnerability from cvelistv5 – Published: 2022-07-29 15:17 – Updated: 2024-08-03 05:41
    VLAI
    Summary
    An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.
    Severity
    No CVSS data available.
    CWE
    • XML External Entities (XXE)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Fusion360 Affected: 2.0.12887 and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:41:10.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fusion360",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.12887 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker can force the victim\u2019s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360\u2019s document parser. The vulnerability exists in the application\u2019s \u2018Insert SVG\u2019 procedure. An attacker can also leverage this vulnerability to obtain victim\u2019s public IP and possibly other sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XML External Entities (XXE)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-29T15:17:03.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@autodesk.com",
              "ID": "CVE-2022-27873",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fusion360",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.12887 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker can force the victim\u2019s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360\u2019s document parser. The vulnerability exists in the application\u2019s \u2018Insert SVG\u2019 procedure. An attacker can also leverage this vulnerability to obtain victim\u2019s public IP and possibly other sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XML External Entities (XXE)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013",
                  "refsource": "MISC",
                  "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2022-27873",
        "datePublished": "2022-07-29T15:17:03.000Z",
        "dateReserved": "2022-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:41:10.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }