CVE-2021-27032

7.8 HIGH

📋 TL;DR

CVE-2021-27032 is a privilege escalation vulnerability in Autodesk Licensing Installer where weak service permissions allow any local user to modify service configurations and take ownership. This enables attackers with limited privileges to escalate to SYSTEM/administrator privileges. Affects systems running vulnerable Autodesk Licensing Service versions.

💻 Affected Systems

Products:
  • Autodesk Licensing Service
  • Autodesk Licensing Installer
Versions: prior to 10.2.0.134
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Windows systems where Autodesk Licensing Service is installed with weak permissions on service configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise where attackers gain SYSTEM privileges, install persistent backdoors, steal credentials, and move laterally across the network.

🟠 Likely Case: Local privilege escalation allowing attackers to bypass security controls, install malware, or access restricted data on the compromised system.

🟢 If Mitigated: Limited impact with proper access controls and monitoring, though the vulnerability still exists and could be exploited by determined attackers.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing local access to the system.
🏢 Internal Only: HIGH - Any compromised user account (even low-privilege) on affected systems can escalate to full administrative control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local user access but uses standard Windows privilege escalation techniques. Tools like PowerSploit and Metasploit modules exist for similar service permission vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.2.0.134 and later

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0002

Restart Required: Yes

Instructions:

1. Download the latest Autodesk Licensing Service from Autodesk Knowledge Network.
2. Run the installer as administrator.
3. Restart the system to ensure service updates take effect.

🔧 Temporary Workarounds

Restrict Service Permissions

windows

Manually adjust service permissions to remove write access for non-administrative users

sc.exe sdset "Autodesk Licensing Service" "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

Disable Service if Not Required

windows

Stop and disable the Autodesk Licensing Service if not needed for functionality

sc.exe stop "Autodesk Licensing Service"
sc.exe config "Autodesk Licensing Service" start= disabled

🧯 If You Can't Patch

  • Implement strict least privilege access controls to limit who can log into affected systems
  • Enable detailed auditing of service configuration changes and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

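Check service permissions using:

sc.exe sdshow "Autodesk Licensing Service" | findstr "WD"

If WD appears in the permissions, the system may be vulnerable. A match alone is not conclusive: in SDDL, WD is both the SID alias for Everyone and the rights token for WRITE_DAC, and it can also appear in the audit (S:) section, so confirm that WD is the trustee (last field) of an allow ACE in the D: section.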

Check Version:

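sc.exe query "Autodesk Licensing Service" | findstr "STATE"

This command reports only the service's running state; it does not print a version number. Compare the installed Autodesk Licensing Service version against 10.2.0.134 separately.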

Verify Fix Applied:

Verify service version is 10.2.0.134 or later and check that non-admin users cannot modify service configuration
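The findstr check above matches any occurrence of WD, including the WRITE_DAC rights token and the audit section. As an added example (not from the advisory or from Autodesk), this Python code parses the SDDL text printed by sc.exe sdshow and reports only the DACL allow ACEs that give broad groups configuration-changing rights. The function names are chosen here, and the WEAK descriptor is a constructed sample, not the product's real one.

```python
import re

# Rights that let a caller reconfigure or take over a service: token -> (name, mask bit).
DANGEROUS = {
    "DC": ("SERVICE_CHANGE_CONFIG", 0x00000002),
    "WD": ("WRITE_DAC", 0x00040000), "WO": ("WRITE_OWNER", 0x00080000),
    "GW": ("GENERIC_WRITE", 0x40000000), "GA": ("GENERIC_ALL", 0x10000000),
}
# Trustees that include ordinary, non-administrative users (alias and SID form).
BROAD = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "BU": "Users", "S-1-5-32-545": "Users",
    "IU": "Interactive", "S-1-5-4": "Interactive",
}

def dacl_aces(sddl):
    """Return the ACEs of the DACL only; the SACL after 'S:' is ignored."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    return [a.split(";") for a in re.findall(r"\(([^()]*)\)", m.group(1))] if m else []

def dangerous_rights(rights):
    """Names of dangerous rights in an ACE rights field (token string or hex mask)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return sorted(n for n, bit in DANGEROUS.values() if mask & bit)
    tokens = set(re.findall("..", rights))  # SDDL rights tokens are two letters each
    return sorted(n for t, (n, _) in DANGEROUS.items() if t in tokens)

def risky_aces(sddl):
    """(trustee, rights) for each allow ACE giving a broad group dangerous rights."""
    findings = []
    for ace in dacl_aces(sddl):
        if len(ace) >= 6 and ace[0] == "A" and ace[5] in BROAD:
            held = dangerous_rights(ace[2])
            if held:
                findings.append((BROAD[ace[5]], held))
    return findings

# Descriptor taken from the "Restrict Service Permissions" workaround on this page.
RESTRICTED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
              "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
              "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
# Constructed sample (assumption, not the real vulnerable descriptor): Everyone has full control.
WEAK = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

if __name__ == "__main__":
    for name, sd in (("RESTRICTED", RESTRICTED), ("WEAK", WEAK)):
        print(name, "| contains WD:", "WD" in sd, "| risky ACEs:", risky_aces(sd))
```

Both descriptors contain the text WD, but only the constructed WEAK one yields a finding, which is the distinction the plain text match cannot make.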

📡 Detection & Monitoring

Log Indicators:

  • Event ID 4697: Service configuration changes in Windows Security logs
  • Unexpected service stops/starts
  • Privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from systems after local privilege escalation

SIEM Query:

source="WinEventLog:Security" (EventCode=4697 AND ServiceName="Autodesk Licensing Service") OR (EventCode=4672 AND SubjectUserName!="SYSTEM")
