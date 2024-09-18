Summary

Autodesk Desktop Licensing Service has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities could lead to code execution due to weak permissions.

Description

The details of the vulnerabilities are as follows:

Vulnerable Library: Agent (LibCurl)

CVEs:

Vulnerable Library: Agent (OpenSSL 1.0.2)

CVEs:

*Note: Fixes Applied to Autodesk Traffic Simulation

Affected Products

Item: Autodesk Desktop Licensing Installer

Impacted Versions: 13.3.1

Mitigated Versions: 14.0

Update Source:

Autodesk Knowledge Network (AKN) &Autodesk Accounts

*Note: Product list table contents are subject to change.

Recommendations

Autodesk highly recommends that customers who use the affected product version obtain and apply the latest Hotfixes referenced above via the Autodesk Knowledge Network (AKN) and Autodesk Desktop Accounts.

Customers using previous versions that no longer qualify for full support should plan to upgrade to a supported version as soon as possible to avoid downtime and potential security vulnerabilities. Visit the Autodesk Knowledge Network for more information about previous version support.

Acknowledgements

We would like to thank the followingfor reporting the relevantissues and for working with Autodesk to help protect our customers:

Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative for reporting CVE-2023-25002

Related Information

More information on the Autodesk Desktop Licensing Service Installer can be found on Autodesk Knowledge Network.

Revision History

Revision: 1.0

Date: 11/27/2023

Description: Initial Release of the Security Advisory

Revision: 1.1

Date: 1/12/2024

Description: Added new CVEs in Description for Linux 14.0 release

Related Information

More information on related security advisories can be found on the Autodesk Trust Center.