All users who have an unpatched version of Autodesk AutoCAD 2023 installed are at risk. This issue is widespread and affects all major operating systems and hardware.
How do I protect myself? Stay updated on the latest release information and patches for your operating system and ensure that your installation of Autodesk products are up to date.
CVE-2018-15983 - Autodesk products are affected by multiple cross-site scripting vulnerabilities. An attacker can exploit these issues to execute script code in the context of your session.
In some cases, these cross-site scripting issues may allow an attacker to steal your session cookie, redirect your browser to another site, display a fake warning message, or execute script code in the context of your session.
Reduce your online exposure by disabling or limiting access to social media, unsecure Wi-Fi networks, and other services that impose limitations on the security of their data. CVE-2018-16417 - An information disclosure vulnerability exists in the way that Autodesk versions prior to 2018 versions handle URLs that are loaded via the Google Ads API. This may allow an attacker to determine the layout of the application.
CVE-2018-16418 - An information disclosure vulnerability exists in the way that Autodesk versions prior to 2018 versions handle URLs that are loaded via the Google Ads API. This may allow an attacker to determine the layout of the application.
CVE-2018-16419 -
What do users need to do to protect themselves?
Protect your assets by following these recommendations:
- Stay up to date on the latest release information and patches for your operating system, hardware, and software
- Run reliable anti-virus scanning software to detect and remove malicious files that may have been introduced to your system by autodesk products
- Install Microsoft updates to protect against known vulnerabilities
Tool Upgrade Notifications
Autodesk will make notifications when a security update is released. These notifications are triggered by the release of new software tools, service packs, or updates to software products. Notification messages will be sent via email and/or posted on Autodesk's website.
Timeline
Published on: 10/03/2022 15:15:00 UTC
Last modified on: 10/05/2022 19:12:00 UTC