CVE-2022-27868

7.8 HIGH

📋 TL;DR

A use-after-free in the way Autodesk AutoCAD 2023 parses CAT files lets an attacker who persuades a user to open a crafted CAT file execute arbitrary code in the context of the AutoCAD process. Only AutoCAD 2023 installations that open untrusted CAT files are exposed; successful exploitation gives the attacker the victim user's privileges on that workstation.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
Versions: 2023 versions prior to the March 2022 update
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All AutoCAD 2023 installations before patching are vulnerable when opening CAT files.

📦 What is this software?

Autodesk AutoCAD is a commercial 2D/3D computer-aided design application used for engineering and architectural drawings. It can import a range of third-party CAD formats; the parser for CAT files is where this vulnerability sits, so a drawing team that never imports CAT data is far less exposed than one that exchanges such files with outside parties.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Compromise of the workstation at the privilege level of the AutoCAD user: theft of drawings and cached credentials, ransomware deployment, or lateral movement from that foothold. Gaining SYSTEM or domain privileges would require a separate escalation bug; the CVE itself yields only user-level code execution.

🟠

Likely Case

Local code execution with user privileges, allowing file system access, credential harvesting, and installation of persistence mechanisms.

🟢

If Mitigated

No impact once the March 2022 update is installed, or where users never open CAT files from untrusted sources.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be tricked via phishing or shared drives into opening malicious CAT files.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ❌ No (the victim must open the file)
Complexity: MEDIUM

Requires user interaction: the victim must open a crafted CAT file in AutoCAD 2023. No public exploit code was available at the time of writing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2022 update for AutoCAD 2023

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005

Restart Required: Yes

Instructions:

1. Open AutoCAD 2023.
2. Launch the Autodesk Desktop App or AutoCAD's in-product update mechanism.
3. Install the March 2022 security update referenced in ADSK-SA-2022-0005.
4. Restart AutoCAD (and any other process that loads its libraries), then confirm the new version with the ABOUT command.

🔧 Temporary Workarounds

Block CAT files before they reach users

windows

Windows has no Group Policy setting that stops one application from parsing a given data-file type, so the practical control is to keep untrusted CAT files out of the places AutoCAD users open them from: file screens on engineering shares (File Server Resource Manager) and attachment blocking at the mail gateway.

Do not enable 'Do not preserve zone information in file attachments' (Computer Configuration > Administrative Templates > Windows Components > Attachment Manager) as a mitigation: that setting strips Mark-of-the-Web from downloaded files and removes, rather than adds, protection.

User awareness training

all

Train users not to open CAT files from untrusted sources

🧯 If You Can't Patch

  • Use application control (AppLocker or WDAC). It will not stop AutoCAD from parsing a CAT file, but it blocks the executables and scripts a successful payload tries to drop and run.
  • Block CAT attachments at the email gateway, screen CAT files on shared drives, and monitor network transfers of CAT files from outside the organisation.
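The share-screening control above, as an added example that is not part of the page or of any Autodesk or Microsoft documentation: a PowerShell script for a Windows Server file server that uses File Server Resource Manager (FSRM) to refuse writes of CAT files onto an engineering share, and logs each blocked attempt to the Application event log. The share path is a placeholder, and the pattern list is an assumption: `*.cat` follows the page's wording, and the CATIA V5 extensions are added because AutoCAD's IMPORT command reads CATIA models; trim or extend it to match the files your users actually exchange.

```powershell
# Added example, not Autodesk's or Microsoft's code. Requires the FS-Resource-Manager
# feature (Windows Server). Run in an elevated PowerShell session.
$SharePath = 'D:\Shares\Engineering'                    # placeholder: your share's local path
$GroupName = 'CVE-2022-27868 CAT files'
$Patterns  = @('*.cat', '*.CATPart', '*.CATProduct')    # assumption: adjust to your environment

# Install FSRM if the server does not have it yet
if (-not (Get-WindowsFeature -Name FS-Resource-Manager).Installed) {
    Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools | Out-Null
}

# File group: the set of filename patterns the screen refuses. Idempotent on re-run.
if (-not (Get-FsrmFileGroup -Name $GroupName -ErrorAction SilentlyContinue)) {
    New-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns | Out-Null
}

# Notification action: write a Warning to the Application log on every blocked write.
# [Source File Path] and [Source Io Owner] are FSRM message variables filled in at run time.
$notify = New-FsrmAction -Type Event -EventType Warning `
    -Body 'Blocked write of [Source File Path] by [Source Io Owner] (CVE-2022-27868 CAT file screen)'

# Active screen: the write is refused, not merely logged.
if (-not (Get-FsrmFileScreen -Path $SharePath -ErrorAction SilentlyContinue)) {
    New-FsrmFileScreen -Path $SharePath -IncludeGroup $GroupName -Active -Notification $notify | Out-Null
}

# Show what is now in force on the share
Get-FsrmFileScreen -Path $SharePath | Select-Object Path, IncludeGroup, Active
```

FSRM screens match on filename only, so a CAT file renamed to another extension passes the screen and still opens in AutoCAD if the user picks the right import filter; treat the screen as a way to catch casual placement and to generate an audit trail, not as a content-inspecting control. Pair it with the mail-gateway rule so the two common delivery paths are both covered.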

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version: If running AutoCAD 2023 without March 2022 update, system is vulnerable.

Check Version:

In AutoCAD: Type 'ABOUT' command or check Help > About AutoCAD

Verify Fix Applied:

Verify AutoCAD version shows March 2022 update installed and attempt to open a test CAT file (in safe environment) to confirm proper handling.
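To do the version check across a fleet rather than by hand in the ABOUT dialog, here is an added PowerShell example (Windows only, not Autodesk's code). It reads the Windows Uninstall registry keys for AutoCAD 2023 entries and compares their DisplayVersion with the fixed build you pass in. The fixed build number is an assumption the operator must supply from ADSK-SA-2022-0005; the script does not hard-code one.

```powershell
# Added example, not Autodesk code. Usage:
#   .\Check-AutoCAD2023.ps1 -FixedVersion <build from ADSK-SA-2022-0005>
# Read access to HKLM is enough; no elevation required.
param(
    [Parameter(Mandatory = $true)]
    [version]$FixedVersion     # assumption: taken from the Autodesk advisory, not invented here
)

# Both native and 32-bit-redirected Uninstall hives, so nothing is missed on 64-bit hosts
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installs = Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'AutoCAD 2023*' }

if (-not $installs) {
    Write-Output 'No AutoCAD 2023 entry in the Uninstall keys; this host is not in scope.'
    return
}

foreach ($app in $installs) {
    $installed = $null
    # DisplayVersion is a free-form string; only compare when it parses as a dotted version
    if (-not [version]::TryParse([string]$app.DisplayVersion, [ref]$installed)) {
        Write-Output ('{0}: version "{1}" is not a dotted version, confirm via ABOUT' -f
            $app.DisplayName, $app.DisplayVersion)
        continue
    }
    $state = if ($installed -lt $FixedVersion) { 'VULNERABLE (older than fixed build)' } else { 'patched' }
    Write-Output ('{0} {1}: {2}' -f $app.DisplayName, $installed, $state)
}
```

Autodesk in-product updates do not always rewrite the main product's DisplayVersion, so treat a "patched" result as a strong hint and spot-check with ABOUT on a sample of machines; a "VULNERABLE" result is reliable, because an untouched base install cannot carry the fix.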

📡 Detection & Monitoring

Log Indicators:

  • Windows Application log: Event ID 1000 (Application Error) where the faulting application is acad.exe, especially with exception code c0000005 (access violation), which is the typical crash signature of a use-after-free
  • Process creation events (Sysmon Event ID 1, or Security Event ID 4688) with acad.exe as the parent of cmd.exe, powershell.exe or another unexpected child, which indicates the payload ran rather than crashed

Network Indicators:

  • Unusual outbound connections from AutoCAD process
  • CAT file downloads from untrusted sources

SIEM Query:

Splunk syntax; adapt the index and field names to your SIEM:

index=wineventlog sourcetype="WinEventLog:Application" SourceName="Application Error" EventCode=1000 "acad.exe" "c0000005"
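The same two hunts run locally on an endpoint, as an added PowerShell example that is not part of the page: it pulls acad.exe crash records from the Application log and unexpected child processes of acad.exe from Sysmon. Sysmon with process-creation logging is assumed to be installed; the allow-list of expected child processes is empty here and is an assumption you fill from your own baseline.

```powershell
# Added example, not Autodesk code. Run on the workstation (or via remoting) to look back $Days days.
param([int]$Days = 7)

$since = (Get-Date).AddDays(-$Days)

# 1. Application Error (ID 1000) events whose faulting application is acad.exe.
#    Event 1000 data fields: [0] faulting app, [3] faulting module, [6] exception code (hex NTSTATUS).
$crashes = Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -ieq 'acad.exe' } |
    ForEach-Object {
        [pscustomobject]@{
            Time            = $_.TimeCreated
            Module          = $_.Properties[3].Value
            ExceptionCode   = $_.Properties[6].Value
            # c0000005 = STATUS_ACCESS_VIOLATION, the usual result of touching freed memory
            AccessViolation = ($_.Properties[6].Value -ieq 'c0000005')
        }
    }

# 2. Sysmon process creation (ID 1) with acad.exe as the parent, minus known-good children.
$expectedChildren = @()   # assumption: populate from your baseline, e.g. licensing helpers
$children = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1; StartTime = $since
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the EventData <Data Name="..."> elements into a property bag
        $bag = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $bag[$_.Name] = $_.'#text' }
        [pscustomobject]$bag
    } |
    Where-Object {
        $_.ParentImage -like '*\acad.exe' -and
        $expectedChildren -notcontains (Split-Path $_.Image -Leaf)
    } |
    Select-Object UtcTime, Image, CommandLine, User, ParentCommandLine

'acad.exe crashes:';          $crashes  | Format-Table -AutoSize
'children of acad.exe:';      $children | Format-Table -AutoSize
```

AutoCAD crashes for many benign reasons, so a lone Event 1000 is a prompt for triage, not proof of attack: correlate the crash time with the file the user had just opened (recent files, share access logs, mail logs) and preserve any CAT file involved for analysis. A shell or script interpreter spawned by acad.exe shortly after a CAT import is the higher-fidelity signal and should be escalated.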
