Vulnerability Details : CVE-2019-7364
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.
Products affected by CVE-2019-7364
- cpe:2.3:a:autodesk:autocad:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad:2017:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad:2019:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad:2020:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2017:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2019:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2020:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_lt:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_lt:2017:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_lt:2020:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_lt:2019:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2017:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2019:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2020:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2017:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2020:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2019:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2019:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2017:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2020:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2017:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2019:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2020:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_p\&id:2017:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_architecture:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_architecture:2017:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_architecture:2019:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_architecture:2020:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2019:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2017:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2020:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:civil_3d:2018:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:civil_3d:2019:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:civil_3d:2017:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:civil_3d:2020:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-7364
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-7364
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2019-7364
-
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-7364
-
https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002
Security Advisories | Autodesk Trust CenterPatch;Vendor Advisory
Jump to