Insecure Privilege Management in Autodesk Installer Could Lead to Escalation of Privileges
CVE-2024-9500

7.2 HIGH

Key Information:

Vendor: Autodesk
Status: Vendor
CVE Published: 15 November 2024

What is CVE-2024-9500?

A vulnerability exists in Autodesk products where a maliciously crafted Dynamic Link Library (DLL) file can be placed in the temporary directories used by the Autodesk Installer. This may allow an attacker to escalate privileges to the NT AUTHORITY/SYSTEM level, with severe security implications for affected systems. The vulnerability arises from improper management of user privileges during the installation process.

Affected Version(s)

Installer 2.10.0.17 < 2.10.0.20

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published