CVE-2021-43390
📋 TL;DR
CVE-2021-43390 is an out-of-bounds write vulnerability in Open Design Alliance Drawings SDK that allows remote code execution when processing malicious DGN files. Attackers can exploit this by tricking users into opening specially crafted DGN files, potentially taking control of the affected system. This affects any application using vulnerable versions of the ODA Drawings SDK to handle DGN files.
💻 Affected Systems
- Open Design Alliance Drawings SDK
- Applications using ODA Drawings SDK for DGN file processing
📦 What is this software?
The Open Design Alliance (ODA) Drawings SDK is a library that vendors embed in their own applications to read, write and render CAD drawing files; the DGN file parser in affected versions is the component this vulnerability lives in, so the risk is carried by every product that bundles the SDK, not just the SDK itself.
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker executing arbitrary code in the context of the application, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Application crash or arbitrary code execution when a user opens a malicious DGN file, potentially leading to malware installation or data exfiltration.
If Mitigated
Limited impact with proper network segmentation, application sandboxing, and user education preventing malicious file execution.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious file, but the vulnerability itself is unauthenticated. Multiple ZDI advisories suggest active exploitation is likely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2022.11 or later
Vendor Advisory: https://www.opendesign.com/security-advisories
Restart Required: Yes
Instructions:
1. Identify applications using ODA Drawings SDK
2. Update to ODA Drawings SDK version 2022.11 or later
3. Update any dependent applications
4. Restart affected services and applications
🔧 Temporary Workarounds
- Block DGN file processing (platform: all): prevent applications from processing DGN files through file type blocking or application configuration
- Application sandboxing (platform: all): run applications that process DGN files in restricted environments or containers
🧯 If You Can't Patch
- Implement strict file upload validation and scanning for DGN files
- Educate users about the risks of opening DGN files from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check if applications use ODA Drawings SDK version earlier than 2022.11 for DGN file processing
Check Version:
Check application documentation or contact vendor for ODA SDK version information
Verify Fix Applied:
Verify ODA Drawings SDK version is 2022.11 or later and test DGN file processing functionality
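Once the SDK version has been obtained from the application documentation or the vendor, the comparison against the fixed release is the one step that is easy to get wrong. The script below is an added example, not ODA code: it assumes the version is reported in the dotted numeric form the advisory uses ("2022.11") and shows why a plain string comparison must not be used, since "2022.9" sorts after "2022.11" lexically but is an earlier, vulnerable release.

```python
"""Compare an ODA Drawings SDK version string against the fixed release.

Added example, not ODA code. It assumes the version is reported in the
dotted numeric form used by the advisory (e.g. '2022.11'); how the version
is obtained (documentation, vendor, build manifest) is application-specific.
"""
from typing import Tuple

FIXED_VERSION = "2022.11"  # first fixed release, from the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into integer components.

    Integer tuples compare numerically, so (2022, 9) < (2022, 11). A plain
    string comparison gives the opposite answer ('2022.9' > '2022.11'), which
    is the classic mistake in hand-rolled version checks.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """Return True if `version` is earlier than the first fixed release."""
    return parse_version(version) < parse_version(fixed)


if __name__ == "__main__":
    for v in ("2021.12", "2022.9", "2022.11", "2023.1"):
        print(f"{v:>8}: {'VULNERABLE' if is_vulnerable(v) else 'fixed'}")
```

A version string that does not fit the dotted numeric form raises rather than silently comparing as "fixed"; treat that case as unknown and confirm with the vendor.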
📡 Detection & Monitoring
Log Indicators:
- Application crashes when processing DGN files
- Unusual process creation from DGN file handlers
- Memory access violations in application logs
Network Indicators:
- Unexpected outbound connections after DGN file processing
- File downloads of DGN files from untrusted sources
SIEM Query:
Process creation events from applications known to handle DGN files, especially with suspicious parent processes or command-line arguments
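The SIEM logic described above, written out as a small detector over constructed process-creation records. This is an added example, not from the page or from ODA: the records are modelled on Sysmon Event ID 1 fields (Image, ParentImage, CommandLine), and `dgn_app.exe` and `cadviewer.exe` are placeholder names standing in for whichever applications embed the ODA Drawings SDK in your environment. It flags a DGN handler spawning a shell, script host or other living-off-the-land binary, or spawning any child whose command line carries download-and-execute style arguments.

```python
"""Flag process-creation events spawned by a DGN-handling application.

Added example, not from the advisory or ODA. Records are constructed and
modelled on Sysmon Event ID 1 fields; DGN_HANDLERS holds placeholder names.
"""
import ntpath
import re
from typing import Dict, List, Optional, Set

# Placeholder names: replace with the DGN-capable applications you actually run.
DGN_HANDLERS: Set[str] = {"dgn_app.exe", "cadviewer.exe"}

# Interpreters and LOLBins a document viewer has no legitimate reason to start.
SUSPICIOUS_CHILDREN: Set[str] = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Command-line fragments that usually indicate download-and-execute behaviour.
SUSPICIOUS_ARGS = re.compile(
    r"(-enc(odedcommand)?\b|downloadstring|invoke-webrequest|urlcache|https?://)",
    re.IGNORECASE,
)


def basename(image: str) -> str:
    """Lower-cased executable name from a full Windows path."""
    return ntpath.basename(image).lower()


def flag_event(event: Dict[str, str]) -> Optional[str]:
    """Return a reason string if the event is suspicious, else None."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")

    if parent not in DGN_HANDLERS:
        return None  # only children of a DGN handler are in scope

    if child in SUSPICIOUS_CHILDREN:
        return f"{parent} spawned {child}"
    if SUSPICIOUS_ARGS.search(cmdline):
        return f"{parent} spawned {child} with suspicious arguments"
    return None


def scan(events: List[Dict[str, str]]) -> List[str]:
    """Run flag_event over every record and keep the reasons for matches."""
    return [r for r in (flag_event(e) for e in events) if r]


# Constructed sample telemetry, not real logs.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\CAD\dgn_app.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\CAD\cadviewer.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc AAAA"},
    {"Image": r"C:\Program Files\CAD\helper.exe",           # benign child
     "ParentImage": r"C:\Program Files\CAD\dgn_app.exe",
     "CommandLine": r"helper.exe --render C:\Users\u\site.dgn"},
    {"Image": r"C:\Windows\System32\cmd.exe",               # not a DGN handler parent
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "cmd.exe"},
]

if __name__ == "__main__":
    for reason in scan(SAMPLE_EVENTS):
        print("ALERT:", reason)
```

The third record shows the filter that keeps this rule quiet: a DGN handler launching its own helper with a .dgn path is normal and is not flagged, so the alert volume is driven by the child set and argument patterns, both of which you should tune to the applications in scope.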
🔗 References
- https://www.opendesign.com/security-advisories
- https://www.zerodayinitiative.com/advisories/ZDI-21-1347/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1348/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1362/