First published: Fri Jul 29 2022
An attacker can force the victim’s device to perform arbitrary HTTP requests over the WAN through a malicious SVG file parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain the victim’s public IP and possibly other sensitive information.
Credit: psirt@autodesk.com
Affected Software | Affected Version | How to fix |
---|---|---|
Autodesk Fusion 360 | <=2.0.12887 | |
The vulnerability ID for this issue is CVE-2022-27873.
The severity of CVE-2022-27873 is high with a severity value of 7.8.
Autodesk Fusion 360 versions up to and including 2.0.12887 are affected by CVE-2022-27873.
An attacker can exploit CVE-2022-27873 by forcing the victim's device to perform arbitrary HTTP requests over the WAN through a malicious SVG file parsed by Autodesk Fusion 360's document parser.
The fix for CVE-2022-27873 is not mentioned in the provided information. Please refer to the reference link for more information.
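A pre-insert check for the risk described above, as an added example that is not Autodesk's code or part of the advisory: it lists remote references in an SVG so the file can be reviewed before it reaches any parser. The advisory does not say which SVG construct triggers the request, so the attributes and CSS `url()` forms checked here are assumptions, and the function names and sample hosts are constructed.

```python
import re
import xml.etree.ElementTree as ET

# http(s):// and protocol-relative // URLs; data: URIs and #fragments do not match.
REMOTE = re.compile(r"^\s*(?:https?:)?//", re.I)
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
REF_ATTRS = {"href", "src"}  # assumed reference-carrying attributes


def local_name(qname):
    """Strip the '{namespace}' prefix ElementTree puts on names."""
    return qname.rsplit("}", 1)[-1]


def remote_references(svg_text):
    """Return sorted (element, attribute, url) tuples for remote references."""
    found = set()
    # ElementTree parses only; it does not fetch anything the file points to.
    for el in ET.fromstring(svg_text).iter():
        tag = local_name(el.tag)
        for name, value in el.attrib.items():
            attr = local_name(name)
            if attr in REF_ATTRS and REMOTE.match(value):
                found.add((tag, attr, value.strip()))
            for url in CSS_URL.findall(value):
                if REMOTE.match(url):
                    found.add((tag, attr, url))
        if tag == "style":
            for url in CSS_URL.findall(el.text or ""):
                if REMOTE.match(url):
                    found.add((tag, "#text", url))
    return sorted(found)


# Constructed sample input; the hosts are placeholders.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <image xlink:href="http://tracker.example/pixel.png" width="1" height="1"/>
  <image href="data:image/png;base64,AAAA" width="1" height="1"/>
  <rect style="fill:url(https://cdn.example/p.svg#g)" width="5" height="5"/>
  <style>@import url("//fonts.example/a.css");</style>
  <use xlink:href="#local"/>
</svg>"""

if __name__ == "__main__":
    for finding in remote_references(SAMPLE_SVG):
        print("remote reference:", finding)
```

An empty result only means none of the assumed constructs are present; files from untrusted sources are still best opened on a patched version.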