CVE-2024-9500Creation of Temporary File in Directory with Insecure Permissions in Installer

CWE-379Creation of Temporary File in Directory with Insecure PermissionsCWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGHNVD
EPSS
1.0%
top 22.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Autodesk Installer
Timeline
PublishedNov 15
Latest updateNov 16

Description

A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5autodesk/installer2.10.0.172.10.0.20
NVDautodesk/installer< 2.10.0.20

🔴Vulnerability Details

2
GHSA
GHSA-87wv-cch6-jjh9: A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of pri2024-11-16
CVEList
Autodesk ADP Desktop SDK Privilege Escalation Vulnerability2024-11-15
CVE-2024-9500 — Autodesk Installer vulnerability | cvebase