CVE-2022-33882

{"id": "CVE-2022-33882", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-10-03T16:15:12.563", "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015", "tags": ["Vendor Advisory"], "source": "psirt@autodesk.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code."}, {"lang": "es", "value": "Bajo determinadas condiciones, un atacante podr\u00eda crear una esfera de control no intencionada mediante una vulnerabilidad presente en la operaci\u00f3n de eliminaci\u00f3n de archivos en la aplicaci\u00f3n de escritorio de Autodesk (ADA). Un atacante podr\u00eda aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario"}], "lastModified": "2022-10-05T14:16:41.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:autodesk_desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D0DB05-26C9-4529-8AC0-68F73D0BF3E2", "versionEndIncluding": "8.4.0.50"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@autodesk.com"}