cvelistv5 - cve-2022-41303

CVE-2022-41303 (GCVE-0-2022-41303)

Vulnerability from cvelistv5 – Published: 2022-10-14 00:00 – Updated: 2025-05-14 15:34

Summary

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Out-Of-Bounds Write

Assigner

autodesk

References

URL

Tags

https://www.autodesk.com/trust/security-advisorie…

Impacted products

	Vendor	Product	Version
	n/a	FBX SDK	Affected: 2020.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:42:44.708Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41303",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T15:33:42.653504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-14T15:34:18.931Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FBX SDK",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2020.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-Of-Bounds Write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-14T00:00:00.000Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-41303",
    "datePublished": "2022-10-14T00:00:00.000Z",
    "dateReserved": "2022-09-21T00:00:00.000Z",
    "dateUpdated": "2025-05-14T15:34:18.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:autodesk:fbx_software_development_kit:2020.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8805EE28-F361-482B-81FC-4E31F2EDB85D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.\"}, {\"lang\": \"es\", \"value\": \"Un usuario puede ser enga\\u00f1ado para abrir un archivo FBX malicioso que puede explotar una vulnerabilidad de uso de memoria previamente liberada en Autodesk FBX SDK versi\\u00f3n 2020 causando que la aplicaci\\u00f3n haga referencia a una ubicaci\\u00f3n de memoria controlada por un tercero no autorizado, ejecutando as\\u00ed c\\u00f3digo arbitrario en el sistema\"}]",
      "id": "CVE-2022-41303",
      "lastModified": "2024-11-21T07:23:00.340",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2022-10-14T17:15:16.203",
      "references": "[{\"url\": \"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022\", \"source\": \"psirt@autodesk.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@autodesk.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41303\",\"sourceIdentifier\":\"psirt@autodesk.com\",\"published\":\"2022-10-14T17:15:16.203\",\"lastModified\":\"2025-05-14T16:15:22.397\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.\"},{\"lang\":\"es\",\"value\":\"Un usuario puede ser enga\u00f1ado para abrir un archivo FBX malicioso que puede explotar una vulnerabilidad de uso de memoria previamente liberada en Autodesk FBX SDK versi\u00f3n 2020 causando que la aplicaci\u00f3n haga referencia a una ubicaci\u00f3n de memoria controlada por un tercero no autorizado, ejecutando as\u00ed c\u00f3digo arbitrario en el sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:fbx_software_development_kit:2020.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8805EE28-F361-482B-81FC-4E31F2EDB85D\"}]}]}],\"references\":[{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:42:44.708Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41303\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-14T15:33:42.653504Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-14T15:34:14.797Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"FBX SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"2020.3.1\"}]}], \"references\": [{\"url\": \"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Out-Of-Bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"7e40ea87-bc65-4944-9723-dd79dd760601\", \"shortName\": \"autodesk\", \"dateUpdated\": \"2022-10-14T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-41303\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-14T15:34:18.931Z\", \"dateReserved\": \"2022-09-21T00:00:00.000Z\", \"assignerOrgId\": \"7e40ea87-bc65-4944-9723-dd79dd760601\", \"datePublished\": \"2022-10-14T00:00:00.000Z\", \"assignerShortName\": \"autodesk\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2023-2325

Vulnerability from csaf_certbund - Published: 2023-09-12 22:00 - Updated: 2023-09-12 22:00

Summary

Microsoft 3D Builder und Viewer: Mehrere Schwachstellen ermöglichen Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Microsoft 3D Builder ist eine Software zur Erstellung von 3D Modellen, z.B. für den 3D Druck. Microsoft 3D Viewer ist eine Betrachtungssoftware für 3D Modelle und Animationen.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft 3D Builder und Microsoft 3D Viewer ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Microsoft 3D Builder ist eine Software zur Erstellung von 3D Modellen, z.B. f\u00fcr den 3D Druck.\r\nMicrosoft 3D Viewer ist eine Betrachtungssoftware f\u00fcr 3D Modelle und Animationen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft 3D Builder und Microsoft 3D Viewer ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2325 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2325.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2325 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2325"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2023-09-12",
        "url": "https://msrc.microsoft.com/update-guide"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft 3D Builder und Viewer: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2023-09-12T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:58:19.576+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2325",
      "initial_release_date": "2023-09-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-09-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft 3D Builder \u003c 20.0.4.0",
            "product": {
              "name": "Microsoft 3D Builder \u003c 20.0.4.0",
              "product_id": "T029798",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:3d_builder:20.0.4.0"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft 3D Viewer \u003c 7.2306.12012.0",
            "product": {
              "name": "Microsoft 3D Viewer \u003c 7.2306.12012.0",
              "product_id": "T029799",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:3d_viewer:7.2306.12012.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-36773",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
        }
      ],
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2023-36773"
    },
    {
      "cve": "CVE-2023-36772",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
        }
      ],
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2023-36772"
    },
    {
      "cve": "CVE-2023-36771",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
        }
      ],
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2023-36771"
    },
    {
      "cve": "CVE-2023-36770",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
        }
      ],
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2023-36770"
    },
    {
      "cve": "CVE-2023-36760",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
        }
      ],
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2023-36760"
    },
    {
      "cve": "CVE-2023-36740",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
        }
      ],
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2023-36740"
    },
    {
      "cve": "CVE-2023-36739",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
        }
      ],
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2023-36739"
    },
    {
      "cve": "CVE-2022-41303",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
        }
      ],
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-41303"
    }
  ]
}

ICSA-23-073-02

Vulnerability from csaf_cisa - Published: 2023-03-29 18:59 - Updated: 2023-03-29 18:59

Summary

Autodesk FBX SDK

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could lead to code execution or a denial-of-service condition. Products using Autodesk FBX SDK software are affected by these vulnerabilities.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices

When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Recommended Practices

Do not click web links or open attachments in unsolicited email messages.

Recommended Practices

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Recommended Practices

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Recommended Practices

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Michael DePlante"
        ],
        "organization": "Trend Micro Zero Day Initiative",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could lead to code execution or a denial-of-service condition. Products using Autodesk FBX SDK software are affected by these vulnerabilities.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Do not click web links or open attachments in unsolicited email messages.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-23-073-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-073-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-23-073-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/Recommended-Practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://cisa.gov/ics"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Autodesk FBX SDK",
    "tracking": {
      "current_release_date": "2023-03-29T18:59:20.225092Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-23-073-02",
      "initial_release_date": "2023-03-29T18:59:20.225092Z",
      "revision_history": [
        {
          "date": "2023-03-29T18:59:20.225092Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "CSAF Creation Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 2020",
                "product": {
                  "name": "Autodesk FBX SDK: versions 2020 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Autodesk FBX SDK"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 11.3",
                "product": {
                  "name": "Luxion KeyShot: version 11.3 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Luxion KeyShot"
          }
        ],
        "category": "vendor",
        "name": "Autodesk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-41302",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds read vulnerability in versions of Autodesk FBX SDK prior to version 2020 could result in code execution or information disclosure through maliciously crafted FBX files. This vulnerability, if exploited alongside other vulnerabilities, could also result in code execution in the context of the current process. CVE-2022-41302 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41302"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Luxion recommends users using KeyShot 11.3 and prior versions to update to KeyShot 2023.1.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.keyshot.com/csirt/"
        },
        {
          "category": "vendor_fix",
          "details": "Autodesk recommends users of the affected products apply the available hotfix for their version via the Autodesk Desktop App.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FBX SDK 2020.3.2",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.autodesk.com/developer-network/platform-technologies/fbx-sdk-2020-3"
        },
        {
          "category": "vendor_fix",
          "details": "For more information, see the Autodesk Security Advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-41303",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Once opened, a maliciously crafted FBX file could leverage a use-after-free vulnerability in versions of Autodesk FBX SDK prior to version 2020. Exploitation of this vulnerability could cause the application to reference a memory location controlled by an unauthorized third party and run arbitrary code on the system. CVE-2022-41303 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41303"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Luxion recommends users using KeyShot 11.3 and prior versions to update to KeyShot 2023.1.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.keyshot.com/csirt/"
        },
        {
          "category": "vendor_fix",
          "details": "Autodesk recommends users of the affected products apply the available hotfix for their version via the Autodesk Desktop App.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FBX SDK 2020.3.2",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.autodesk.com/developer-network/platform-technologies/fbx-sdk-2020-3"
        },
        {
          "category": "vendor_fix",
          "details": "For more information, see the Autodesk Security Advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-41304",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds write vulnerability in versions of Autodesk FBX SDK prior to version 2020 could result in code execution or information disclosure through maliciously crafted FBX files. CVE-2022-41304 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41304"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Luxion recommends users using KeyShot 11.3 and prior versions to update to KeyShot 2023.1.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.keyshot.com/csirt/"
        },
        {
          "category": "vendor_fix",
          "details": "Autodesk recommends users of the affected products apply the available hotfix for their version via the Autodesk Desktop App.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FBX SDK 2020.3.2",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.autodesk.com/developer-network/platform-technologies/fbx-sdk-2020-3"
        },
        {
          "category": "vendor_fix",
          "details": "For more information, see the Autodesk Security Advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

CERTFR-2023-AVI-0743

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un déni de service, un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.7
Microsoft	N/A	Microsoft Identity Linux Broker
Microsoft	N/A	3D Viewer
Microsoft	N/A	Dynamics 365 pour Finance and Operations
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.6
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft	N/A	Visual Studio Code
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition
Microsoft	N/A	Microsoft Defender Security Intelligence Updates
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft	N/A	3D Builder
Microsoft	N/A	Microsoft SharePoint Server 2019

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 12 septembre 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-36773 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36762 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-38163 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36760 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36764 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36770 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36757 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36744 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36771 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36796 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36777 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2022-41303 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36759 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36799 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36739 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36793 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36758 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36772 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-39956 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36756 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36736 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36794 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36886 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36792 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36742 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36740 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-38164 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36800 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36745 du 12 septembre 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Identity Linux Broker",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "3D Viewer",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 pour Finance and Operations",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio Code",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Defender Security Intelligence Updates",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "3D Builder",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-36800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36800"
    },
    {
      "name": "CVE-2023-36794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36794"
    },
    {
      "name": "CVE-2023-36777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36777"
    },
    {
      "name": "CVE-2023-36770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36770"
    },
    {
      "name": "CVE-2023-36739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36739"
    },
    {
      "name": "CVE-2023-36792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36792"
    },
    {
      "name": "CVE-2023-36772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36772"
    },
    {
      "name": "CVE-2023-36758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36758"
    },
    {
      "name": "CVE-2023-38163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38163"
    },
    {
      "name": "CVE-2023-36745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36745"
    },
    {
      "name": "CVE-2023-36760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36760"
    },
    {
      "name": "CVE-2023-36759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36759"
    },
    {
      "name": "CVE-2023-36757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36757"
    },
    {
      "name": "CVE-2023-36744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36744"
    },
    {
      "name": "CVE-2023-39956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39956"
    },
    {
      "name": "CVE-2023-36771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36771"
    },
    {
      "name": "CVE-2023-36756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36756"
    },
    {
      "name": "CVE-2023-38164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38164"
    },
    {
      "name": "CVE-2023-36762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36762"
    },
    {
      "name": "CVE-2023-36742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36742"
    },
    {
      "name": "CVE-2022-41303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41303"
    },
    {
      "name": "CVE-2023-36773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36773"
    },
    {
      "name": "CVE-2023-36764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36764"
    },
    {
      "name": "CVE-2023-36740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36740"
    },
    {
      "name": "CVE-2023-36886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36886"
    },
    {
      "name": "CVE-2023-36799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36799"
    },
    {
      "name": "CVE-2023-36796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36796"
    },
    {
      "name": "CVE-2023-36736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36736"
    },
    {
      "name": "CVE-2023-36793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36793"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36773 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36762 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38163 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38163"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36760 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36764 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36770 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36757 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36744 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36771 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36796 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36777 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41303 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41303"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36759 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36799 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36739 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36793 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36758 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36772 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-39956 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-39956"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36756 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36736 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36794 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36886 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36792 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36742 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36740 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38164 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38164"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36800 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36800"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36745 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745"
    }
  ],
  "reference": "CERTFR-2023-AVI-0743",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une usurpation d\u0027identit\u00e9, une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

CERTFR-2023-AVI-0743

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.7
Microsoft	N/A	Microsoft Identity Linux Broker
Microsoft	N/A	3D Viewer
Microsoft	N/A	Dynamics 365 pour Finance and Operations
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.6
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft	N/A	Visual Studio Code
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition
Microsoft	N/A	Microsoft Defender Security Intelligence Updates
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft	N/A	3D Builder
Microsoft	N/A	Microsoft SharePoint Server 2019

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 12 septembre 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-36773 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36762 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-38163 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36760 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36764 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36770 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36757 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36744 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36771 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36796 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36777 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2022-41303 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36759 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36799 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36739 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36793 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36758 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36772 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-39956 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36756 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36736 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36794 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36886 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36792 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36742 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36740 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-38164 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36800 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36745 du 12 septembre 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Identity Linux Broker",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "3D Viewer",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 pour Finance and Operations",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio Code",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Defender Security Intelligence Updates",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "3D Builder",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-36800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36800"
    },
    {
      "name": "CVE-2023-36794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36794"
    },
    {
      "name": "CVE-2023-36777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36777"
    },
    {
      "name": "CVE-2023-36770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36770"
    },
    {
      "name": "CVE-2023-36739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36739"
    },
    {
      "name": "CVE-2023-36792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36792"
    },
    {
      "name": "CVE-2023-36772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36772"
    },
    {
      "name": "CVE-2023-36758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36758"
    },
    {
      "name": "CVE-2023-38163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38163"
    },
    {
      "name": "CVE-2023-36745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36745"
    },
    {
      "name": "CVE-2023-36760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36760"
    },
    {
      "name": "CVE-2023-36759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36759"
    },
    {
      "name": "CVE-2023-36757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36757"
    },
    {
      "name": "CVE-2023-36744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36744"
    },
    {
      "name": "CVE-2023-39956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39956"
    },
    {
      "name": "CVE-2023-36771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36771"
    },
    {
      "name": "CVE-2023-36756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36756"
    },
    {
      "name": "CVE-2023-38164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38164"
    },
    {
      "name": "CVE-2023-36762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36762"
    },
    {
      "name": "CVE-2023-36742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36742"
    },
    {
      "name": "CVE-2022-41303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41303"
    },
    {
      "name": "CVE-2023-36773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36773"
    },
    {
      "name": "CVE-2023-36764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36764"
    },
    {
      "name": "CVE-2023-36740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36740"
    },
    {
      "name": "CVE-2023-36886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36886"
    },
    {
      "name": "CVE-2023-36799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36799"
    },
    {
      "name": "CVE-2023-36796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36796"
    },
    {
      "name": "CVE-2023-36736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36736"
    },
    {
      "name": "CVE-2023-36793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36793"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36773 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36762 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38163 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38163"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36760 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36764 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36770 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36757 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36744 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36771 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36796 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36777 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41303 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41303"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36759 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36799 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36739 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36793 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36758 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36772 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-39956 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-39956"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36756 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36736 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36794 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36886 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36792 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36742 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36740 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38164 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38164"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36800 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36800"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36745 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745"
    }
  ],
  "reference": "CERTFR-2023-AVI-0743",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une usurpation d\u0027identit\u00e9, une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

FKIE_CVE-2022-41303

Vulnerability from fkie_nvd - Published: 2022-10-14 17:15 - Updated: 2025-05-14 16:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@autodesk.com	https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	autodesk	fbx_software_development_kit	2020.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autodesk:fbx_software_development_kit:2020.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8805EE28-F361-482B-81FC-4E31F2EDB85D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system."
    },
    {
      "lang": "es",
      "value": "Un usuario puede ser enga\u00f1ado para abrir un archivo FBX malicioso que puede explotar una vulnerabilidad de uso de memoria previamente liberada en Autodesk FBX SDK versi\u00f3n 2020 causando que la aplicaci\u00f3n haga referencia a una ubicaci\u00f3n de memoria controlada por un tercero no autorizado, ejecutando as\u00ed c\u00f3digo arbitrario en el sistema"
    }
  ],
  "id": "CVE-2022-41303",
  "lastModified": "2025-05-14T16:15:22.397",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-10-14T17:15:16.203",
  "references": [
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022"
    }
  ],
  "sourceIdentifier": "psirt@autodesk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GSD-2022-41303

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-41303

Aliases

CVE-2022-41303

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41303",
    "id": "GSD-2022-41303"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-41303"
      ],
      "details": "A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.",
      "id": "GSD-2022-41303",
      "modified": "2023-12-13T01:19:32.415297Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@autodesk.com",
        "ID": "CVE-2022-41303",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FBX SDK",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2020.3.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Out-Of-Bounds Write"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022",
            "refsource": "MISC",
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:fbx_software_development_kit:2020.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-41303"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-19T05:49Z",
      "publishedDate": "2022-10-14T17:15Z"
    }
  }
}

GHSA-H48V-98VX-HFJR

Vulnerability from github – Published: 2022-10-14 19:00 – Updated: 2022-10-19 12:00

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-41303"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-14T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.",
  "id": "GHSA-h48v-98vx-hfjr",
  "modified": "2022-10-19T12:00:19Z",
  "published": "2022-10-14T19:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41303"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-41303 (GCVE-0-2022-41303)

WID-SEC-W-2023-2325

ICSA-23-073-02

CERTFR-2023-AVI-0743

Solution

CERTFR-2023-AVI-0743

Solution

FKIE_CVE-2022-41303

GSD-2022-41303

GHSA-H48V-98VX-HFJR

Tags

Sightings

Nomenclature