CVE-2023-29069: 
Autodesk Desktop Connector vulnerability analysis and mitigation

A privilege escalation vulnerability was identified in Autodesk Desktop Connector software (CVE-2023-29069). The vulnerability allows an attacker to force installation of a maliciously crafted DLL file to a non-default location and overwrite parts of the product with malicious DLLs, which may then have elevated privileges (Vendor Advisory). This vulnerability affects Autodesk Desktop Connector versions 16.2.1 and prior.

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-427 (Uncontrolled Search Path Element). The issue allows local attackers to exploit DLL loading mechanisms to achieve privilege escalation through manipulation of installation paths (NVD).

If successfully exploited, this vulnerability could lead to privilege escalation, allowing attackers to execute code with elevated privileges. This could potentially compromise the confidentiality, integrity, and availability of the affected system (Vendor Advisory).

Autodesk has released version 16.3 to address this vulnerability. Users are strongly recommended to download and install the security hotfix via Autodesk Access or Accounts Portal. Users of previous versions that no longer qualify for full support should upgrade to a supported version as soon as possible (Vendor Advisory).

The vulnerability was reported by security researcher wdormann, who worked with Autodesk to help protect their customers (Vendor Advisory).