Autodesk VRED Python API Remote Code Execution

critical Nessus Plugin ID 76775

Synopsis

An application on the remote host is affected by a remote code execution vulnerability.

Description

The remote host is running a version of Autodesk VRED that is vulnerable to unauthenticated remote code execution through a Python API exposed by its built-in web server. This can allow a remote attacker to execute arbitrary code on the host.

Solution

Upgrade to Autodesk VRED 2014 SR1 SP8 or higher.

See Also

https://www.autodesk.com/products/vred/overview

Plugin Details

Severity: Critical

ID: 76775

File Name: autodesk_vred_cve-2014-2967.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 7/24/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:autodesk:vred

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/26/2014

Vulnerability Publication Date: 6/26/2014

Reference Information

CVE: CVE-2014-2967

BID: 68364

CERT: 402020