CVE-2023-29076 (GCVE-0-2023-29076)

Vulnerability from cvelistv5 – Published: 2023-11-23 03:45 – Updated: 2024-12-02 20:32
VLAI?
Summary
A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Autodesk AutoCAD, Advance Steel and Civil 3D Affected: 2024, 2023
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29076",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T20:32:49.055057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T20:32:57.620Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD, Advance Steel and Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2024, 2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-23T03:45:53.401Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-29076",
    "datePublished": "2023-11-23T03:45:53.401Z",
    "dateReserved": "2023-03-30T21:27:50.092Z",
    "dateUpdated": "2024-12-02T20:32:57.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-29076\",\"sourceIdentifier\":\"psirt@autodesk.com\",\"published\":\"2023-11-23T04:15:07.410\",\"lastModified\":\"2024-11-21T07:56:30.397\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\\n\"},{\"lang\":\"es\",\"value\":\"Un archivo MODEL, SLDASM, SAT o CATPART creado con fines malintencionados cuando se analiza mediante Autodesk AutoCAD 2024 y 2023 podr\u00eda causar una vulnerabilidad de corrupci\u00f3n de memoria. Esta vulnerabilidad, junto con otras vulnerabilidades, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en el proceso actual.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*\",\"versionEndExcluding\":\"2024.1\",\"matchCriteriaId\":\"A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2023.0.0\",\"versionEndExcluding\":\"2023.1.4\",\"matchCriteriaId\":\"C53280C1-2A72-455E-965C-06613E469420\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2024.0.0\",\"versionEndExcluding\":\"2024.1.1\",\"matchCriteriaId\":\"417B7F6E-18F2-4020-84B4-55191714504F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.1.4\",\"matchCriteriaId\":\"3C1B51F8-FACC-422B-AB62-571C8534279C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2024.0.0\",\"versionEndExcluding\":\"2024.1.1\",\"matchCriteriaId\":\"5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.1.4\",\"matchCriteriaId\":\"3524F041-03B7-46A6-AB92-4AA59DD79903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2024.0.0\",\"versionEndExcluding\":\"2024.1.1\",\"matchCriteriaId\":\"4036CA65-3E98-43B5-95D4-7AC1E5345664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.1.4\",\"matchCriteriaId\":\"A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2024.0.0\",\"versionEndExcluding\":\"2024.1.1\",\"matchCriteriaId\":\"982AD391-3D1B-4923-97A5-B2AA41BE2CAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.1.4\",\"matchCriteriaId\":\"80BDD7F9-1D15-4D35-9726-C931BCEE5F05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2024.0.0\",\"versionEndExcluding\":\"2024.1.1\",\"matchCriteriaId\":\"77484E5B-F84E-472E-B151-53FF2667C783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.1.4\",\"matchCriteriaId\":\"96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*\",\"versionEndExcluding\":\"2024.1\",\"matchCriteriaId\":\"D5B21F42-E57A-4501-A2BE-6F99122BCBFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2024.0.0\",\"versionEndExcluding\":\"2024.1.1\",\"matchCriteriaId\":\"2225348E-5552-492C-A2DB-C5693516019C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.1.4\",\"matchCriteriaId\":\"5B450512-9CB3-4CAF-B90C-1EE0194CA665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2024.0.0\",\"versionEndExcluding\":\"2024.1.1\",\"matchCriteriaId\":\"2A778F8B-9BB9-4B7A-81B1-DCEDCB493408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.1.4\",\"matchCriteriaId\":\"049B25B6-08E3-4D3D-8E7B-3724B53063F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2024.0.0\",\"versionEndExcluding\":\"2024.1.1\",\"matchCriteriaId\":\"7A8BF172-C18C-40D3-8917-6C33D0144D3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.1.4\",\"matchCriteriaId\":\"BC4656EC-02E1-41DF-8FEA-668DE950FA79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2024.0.0\",\"versionEndExcluding\":\"2024.1.1\",\"matchCriteriaId\":\"67E135A2-2C3E-4550-B239-3013C7FA586A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.1.4\",\"matchCriteriaId\":\"AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2024.0.0\",\"versionEndExcluding\":\"2024.1.1\",\"matchCriteriaId\":\"5CB26133-E6B9-4D0C-9A58-F564FFB11EF3\"}]}]}],\"references\":[{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:00:15.859Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-29076\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-02T20:32:49.055057Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-02T20:32:53.877Z\"}}], \"cna\": {\"source\": {\"discovery\": \"EXTERNAL\"}, \"affected\": [{\"vendor\": \"Autodesk\", \"product\": \"AutoCAD, Advance Steel and Civil 3D\", \"versions\": [{\"status\": \"affected\", \"version\": \"2024, 2023\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"7e40ea87-bc65-4944-9723-dd79dd760601\", \"shortName\": \"autodesk\", \"dateUpdated\": \"2023-11-23T03:45:53.401Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-29076\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-02T20:32:57.620Z\", \"dateReserved\": \"2023-03-30T21:27:50.092Z\", \"assignerOrgId\": \"7e40ea87-bc65-4944-9723-dd79dd760601\", \"datePublished\": \"2023-11-23T03:45:53.401Z\", \"assignerShortName\": \"autodesk\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.