CVE-2022-33882 - Vulnerability Details

Vendors	Products
Autodesk	Autodesk Desktop

Link	Providers
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Autodesk desktop app", "vendor": "n/a", "versions": [{"status": "affected", "version": "8.4.0.50 and prior versions"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "Improper Privilege Management", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T15:04:01", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@autodesk.com", "ID": "CVE-2022-33882", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Autodesk desktop app", "version": {"version_data": [{"version_value": "8.4.0.50 and prior versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Privilege Management"}]}]}, "references": {"reference_data": [{"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015", "refsource": "MISC", "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:09:22.671Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015"}]}]}, "cveMetadata": {"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2022-33882", "datePublished": "2022-10-03T15:04:01", "dateReserved": "2022-06-16T00:00:00", "dateUpdated": "2024-08-03T08:09:22.671Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Autodesk desktop app (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : 8.4.0.50 and prior versions (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Improper Privilege Management (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-10-03T15:04:01 (string)

orgId : 7e40ea87-bc65-4944-9723-dd79dd760601 (string)

shortName : autodesk (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@autodesk.com (string)

ID : CVE-2022-33882 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Autodesk desktop app (string)

version : { »

version_data : [ »

0 : { »

version_value : 8.4.0.50 and prior versions (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Improper Privilege Management (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015 (string)

refsource : MISC (string)

url : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T08:09:22.671Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 7e40ea87-bc65-4944-9723-dd79dd760601 (string)

assignerShortName : autodesk (string)

cveId : CVE-2022-33882 (string)

datePublished : 2022-10-03T15:04:01 (string)

dateReserved : 2022-06-16T00:00:00 (string)

dateUpdated : 2024-08-03T08:09:22.671Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:autodesk_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "36D0DB05-26C9-4529-8AC0-68F73D0BF3E2", "versionEndIncluding": "8.4.0.50", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code."}, {"lang": "es", "value": "Bajo determinadas condiciones, un atacante podr\u00eda crear una esfera de control no intencionada mediante una vulnerabilidad presente en la operaci\u00f3n de eliminaci\u00f3n de archivos en la aplicaci\u00f3n de escritorio de Autodesk (ADA). Un atacante podr\u00eda aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario"}], "id": "CVE-2022-33882", "lastModified": "2024-11-21T07:08:31.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-03T16:15:12.563", "references": [{"source": "psirt@autodesk.com", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:autodesk:autodesk_desktop:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 36D0DB05-26C9-4529-8AC0-68F73D0BF3E2 (string)

versionEndIncluding : 8.4.0.50 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. (string)

}

1 : { »

lang : es (string)

value : Bajo determinadas condiciones, un atacante podría crear una esfera de control no intencionada mediante una vulnerabilidad presente en la operación de eliminación de archivos en la aplicación de escritorio de Autodesk (ADA). Un atacante podría aprovechar esta vulnerabilidad para escalar privilegios y ejecutar código arbitrario (string)

}

]

id : CVE-2022-33882 (string)

lastModified : 2024-11-21T07:08:31.323 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-10-03T16:15:12.563 (string)

references : [ »

0 : { »

source : psirt@autodesk.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015 (string)

}

]

sourceIdentifier : psirt@autodesk.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object