CVE-2014-2967

CWE-78 — OS Command Injection3 documents3 sources

Severity

10.0CRITICAL

EPSS

4.4%

top 11.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Vred

Timeline

PublishedJul 7

Latest updateMay 17

Description

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDautodesk/vred2014

🔴Vulnerability Details

GHSA

GHSA-g94v-8mrm-p53c: Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to↗2022-05-17

▶

CVEList

CVE-2014-2967: Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to↗2014-07-07

▶