CVE-2022-27873 — HIGH (7.8)

Q: How severe is CVE-2022-27873?

CVE-2022-27873 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-27873?

Check the references section above for vendor advisories and patch information. Affected products include: Autodesk Fusion 360.

Vulnerability Description

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Autodesk	Fusion 360	<= 2.0.12887

Related Weaknesses (CWE)

CWE-611

References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013Vendor Advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013Vendor Advisory

FAQ

What is CVE-2022-27873?

CVE-2022-27873 is a vulnerability with a CVSS score of 7.8 (HIGH). An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the ...

How severe is CVE-2022-27873?

CVE-2022-27873 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-27873?

Check the references section above for vendor advisories and patch information. Affected products include: Autodesk Fusion 360.