CVE-2022-33882: An attacker could create an unintended sphere of control through a vulnerability in ADA's file delete operation.

Users are advised to keep the app installed on their devices up to date and to disable the file delete operation from the menu if it is not needed. In addition, Autodesk recommends restricting access to the file system and providing strong authentication for remote access to the desktop app. Autodesk is aware of this issue and is working on a fix.

Autodesk Product Security Updates and Notifications

Autodesk regularly updates product security as needed. The company also provides notifications through the Autodesk Security Response Center and AutoCAD Technical Support. All product security updates are publicly available in Autodesk Updates.
If you have any questions about this product update, please contact your local support center or visit the Security Response Center for more information at https://security.autodesk.com/security-response-center.

Upgrade to Latest Desktop App for Windows and Macintosh

Autodesk is aware of this issue and has already released a patch or update for the app. This can be found on the download page of the Autodesk website, under "This Update Includes an Important Security Patch."

It's important to make sure that your apps are up to date. If you haven't updated your app in a while, it's likely that the latest version will provide more security than older versions. Because of this, users should upgrade their desktop app to fix this issue. Additionally, it is recommended that users disable file delete from the menu if they do not need it and restrict access to their desktop app as well.

References

- https://blogs.autodesk.com/security/2019/03/17/autocad-desktop-product-security-update

The Autodesk Desktop product includes several services that use file IO (e.g., Autodesk Inventor, AutoCAD) on the desktop. The latest update to the product includes fixes to avoid potential privilege escalation vulnerabilities when opening files or copying them to and from the desktop.

Timeline

Published on: 10/03/2022 16:15:00 UTC
Last modified on: 10/05/2022 14:16:00 UTC
