CVE-2021-40159
Vulnerability from cvelistv5
Published
2022-01-25 00:00
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002 | Vendor Advisory | |
| psirt@autodesk.com | https://www.zerodayinitiative.com/advisories/ZDI-22-282/ | Third Party Advisory, VDB Entry | |
| psirt@autodesk.com | https://www.zerodayinitiative.com/advisories/ZDI-22-289/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-282/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-289/ | Third Party Advisory, VDB Entry |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Inventor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40159",
"datePublished": "2022-01-25T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-40159\",\"sourceIdentifier\":\"psirt@autodesk.com\",\"published\":\"2022-01-25T20:15:08.327\",\"lastModified\":\"2024-11-21T06:23:41.587\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n para archivos JT en Autodesk Inventor 2022, 2021, 2020, 2019 junto con otras vulnerabilidades puede conducir a la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de archivos JT maliciosamente elaborados en el contexto del proceso actual\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.1.2\",\"matchCriteriaId\":\"E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.1.2\",\"matchCriteriaId\":\"2C5F50DF-4792-4A29-BB21-5821CA5E3A22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.1.2\",\"matchCriteriaId\":\"E9466EE6-83C9-492F-8486-F3E6C1DD9F5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.1.2\",\"matchCriteriaId\":\"6DD91E39-A3D8-4806-A778-608FD6C29BB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.1.2\",\"matchCriteriaId\":\"D01E3771-86FD-483D-BCCB-1B1CDD4C482F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.1.2\",\"matchCriteriaId\":\"120326C3-E212-4341-A25D-BC3DD50CF228\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.1.2\",\"matchCriteriaId\":\"B117299A-C5FE-419F-9C1C-DF58A2772055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.1.2\",\"matchCriteriaId\":\"CC178212-E440-46E9-9F00-60A5516D4D72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.1.2\",\"matchCriteriaId\":\"7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.1.2\",\"matchCriteriaId\":\"82C21398-6A86-4E56-A98E-E80FFCC6732E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:inventor:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0B62AB8-467B-4305-93C0-80F4ED72BFA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:inventor:2020:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"521006E6-57DF-4E48-9D9B-70EED55DDC9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:inventor:2021:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C14111CD-085E-4B05-8FB6-2B2F871BE963\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:inventor:2022:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C67079A0-1C2B-45F9-91CC-74C685D31B67\"}]}]}],\"references\":[{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-282/\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-289/\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-282/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-289/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.