CVE-2023-27915

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005	Vendor Advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autodesk:autocad::::::::
	cpe:2.3:a:autodesk:autocad_advance_steel::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_civil_3d::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_lt::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::

History

06 Feb 2025, 21:15

Type	Values Removed	Values Added
CWE		CWE-125

Information

Published : 2023-04-14 19:15

Updated : 2025-02-06 21:15

NVD link : CVE-2023-27915

Mitre link : CVE-2023-27915

CVE.ORG link : CVE-2023-27915

JSON object : View

Products Affected

autodesk

autocad_architecture
autocad_advance_steel
autocad
autocad_civil_3d
autocad_plant_3d
autocad_map_3d
autocad_mechanical
autocad_mep
autocad_lt
autocad_electrical

CWE

CWE-787

Out-of-bounds Write

CWE-125

Out-of-bounds Read

{"id": "CVE-2023-27915", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-04-14T19:15:09.090", "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005", "tags": ["Vendor Advisory"], "source": "psirt@autodesk.com"}, {"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted X_B file when parsed through Autodesk\u00ae AutoCAD\u00ae 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."}], "lastModified": "2025-02-06T21:15:18.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2568A62-E5C4-490E-81F8-544415B928DC", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023"}, {"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D94FD09-1B96-4778-BFAD-078C8B8501B5", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023"}, {"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "299634F4-D72C-4DD2-9F51-7B2AD8A92798", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023"}, {"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D28E2A64-93A8-4421-94E8-05E080C8A342", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023"}, {"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C845EE8F-8DDA-4242-B5E1-91CEDEA163BD", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023"}, {"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A80FA213-D03D-426D-B271-25BF1BDA648E", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023"}, {"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18DD5427-3666-4D5E-9AB9-A0236F79181E", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023"}, {"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C22D3F40-E682-4871-B18F-E84829FBFB22", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023"}, {"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "326B5CC6-1BFB-497B-863C-88874878449B", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023"}, {"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD08203-9B65-4141-A35E-3B9EACFE4B54", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@autodesk.com"}