CVE-2022-27873: XEE
First published: Fri Jul 29 2022(Updated: )
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Fusion 360 | <=2.0.12887 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-27873.
What is the severity of CVE-2022-27873?
The severity of CVE-2022-27873 is high with a severity value of 7.8.
Which software is affected by CVE-2022-27873?
Autodesk Fusion 360 version up to and including 2.0.12887 is affected by CVE-2022-27873.
How can an attacker exploit CVE-2022-27873?
An attacker can exploit CVE-2022-27873 by forcing the victim's device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360's document parser.
Is there a fix for CVE-2022-27873?
The fix for CVE-2022-27873 is not mentioned in the provided information. Please refer to the reference link for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/autodesk
- canonical/autodesk fusion 360
- version/autodesk fusion 360/2.0.12887