HTTP: Autodesk FBX Review ZIP Directory Traversal
This signature detects attempts to exploit a known vulnerability against Autodesk FBX Review. A successful attack can lead to directory traversal and arbitrary code execution.
Extended Description
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBXs Review causing it to run arbitrary code on the system.
Affected Products
Autodesk fbx_review
References
CVE: CVE-2021-22797
URL: http://www.zerodayinitiative.com/advisories/ZDI-21-1070/ https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.myscada.org/version-8-22-0-released-security-update/ http://www.zerodayinitiative.com/advisories/ZDI-21-1102/ https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-01
Short Name
HTTP:DIR:AUTODSK-FBX-ZIP-DIRTRV
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Autodesk CVE-2021-22797 CVE-2021-27030 CVE-2021-43555 Directory FBX Review Traversal ZIP
Release Date
11/11/2021
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3699
False Positive
Unknown
Vendors
Autodesk
CVSS Score
9.3
6.8