Cyber Resilience

CVE-2022-33884

High

Published: 03 October 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0076 (73.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-33884 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Autodesk AutoCAD. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 26.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor / Product: Affected version ranges

autodesk / autocad: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk / autocad advance steel: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk / autocad architecture: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk / autocad civil 3d: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk / autocad electrical: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk / autocad lt: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk / autocad map 3d: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk / autocad mechanical: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk / autocad mep: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk / autocad plant 3d: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
