CVE-2021-40158
High
Published: 25 January 2022
Modified: 21 November 2024
KEV Added: —
Patch: —
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0044 (63.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2021-40158 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Autodesk Inventor. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 36.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-27343
Vulnerability details
A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
- CWE(s): CWE-125 (Out-of-bounds Read)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- autodesk advance steel: 2022 — 2022.1.2
- autodesk autocad: 2022 — 2022.1.2
- autodesk autocad architecture: 2022 — 2022.1.2
- autodesk autocad electrical: 2022 — 2022.1.2
- autodesk autocad lt: 2022 — 2022.1.2
- autodesk autocad map 3d: 2022 — 2022.1.2
- autodesk autocad mechanical: 2022 — 2022.1.2
- autodesk autocad mep: 2022 — 2022.1.2
- autodesk autocad plant 3d: 2022 — 2022.1.2
- autodesk civil 3d: 2022 — 2022.1.2
+1 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.