All the vulnerabilites related to Autodesk - Autodesk applications
cve-2024-23143
Vulnerability from cvelistv5
Published
2024-06-25 02:05
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:32:09.443136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:32:13.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:05:33.461Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23143",
"datePublished": "2024-06-25T02:05:33.461Z",
"dateReserved": "2024-01-11T21:51:08.013Z",
"dateUpdated": "2024-08-01T22:59:31.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23140
Vulnerability from cvelistv5
Published
2024-06-25 01:01
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_architecture",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_electrical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_map_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mechanical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mep",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_plant_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:57:54.776746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:58:02.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T01:01:56.652Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23140",
"datePublished": "2024-06-25T01:01:56.652Z",
"dateReserved": "2024-01-11T21:51:08.013Z",
"dateUpdated": "2024-08-01T22:59:31.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23121
Vulnerability from cvelistv5
Published
2024-02-22 01:18
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024, 2023, 2022, 2021 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_electrical",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_map_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_plant_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_advance_steel",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_civil_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_architecture",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mechanical",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mep",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T14:39:38.054542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T16:44:37.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024, 2023, 2022, 2021"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-15T04:06:31.560Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
},
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
},
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23121",
"datePublished": "2024-02-22T01:18:23.487Z",
"dateReserved": "2024-01-11T21:46:45.745Z",
"dateUpdated": "2024-08-01T22:59:31.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23142
Vulnerability from cvelistv5
Published
2024-06-25 01:24
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_architecture",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_electrical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_map_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mechanical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mep",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_plant_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:36:51.042238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:48:11.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T01:24:02.359Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23142",
"datePublished": "2024-06-25T01:24:02.359Z",
"dateReserved": "2024-01-11T21:51:08.013Z",
"dateUpdated": "2024-08-01T22:59:31.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23141
Vulnerability from cvelistv5
Published
2024-06-25 01:22
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_architecture",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_electrical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_map_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mechanical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mep",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_plant_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:49:27.556946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:49:33.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T01:22:38.407Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23141",
"datePublished": "2024-06-25T01:22:38.407Z",
"dateReserved": "2024-01-11T21:51:08.013Z",
"dateUpdated": "2024-08-01T22:59:31.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0446
Vulnerability from cvelistv5
Published
2024-02-21 23:16
Modified
2024-08-01 18:04
Severity ?
EPSS score ?
Summary
A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024, 2023, 2022 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_electrical",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_map_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_advance_steel",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_civil_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_architecture",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mechanical",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mep",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_plant_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0446",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T18:06:35.579754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T16:46:59.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024, 2023, 2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP, CATPART or MODEL file when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T19:57:33.404Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
},
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
},
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-0446",
"datePublished": "2024-02-21T23:16:32.477Z",
"dateReserved": "2024-01-11T21:51:23.386Z",
"dateUpdated": "2024-08-01T18:04:49.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23120
Vulnerability from cvelistv5
Published
2024-02-21 23:36
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted STP and STEP file when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll and through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024, 2023, 2022, 2021 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_electrical",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_map_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_advance_steel",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_civil_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_architecture",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mechanical",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mep",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_plant_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T16:45:26.511301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T16:45:51.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:30.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024, 2023, 2022, 2021"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP and STEP file when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll and through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted STP and STEP file when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll and through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-15T03:00:29.897Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
},
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
},
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23120",
"datePublished": "2024-02-21T23:36:13.617Z",
"dateReserved": "2024-01-11T21:46:45.745Z",
"dateUpdated": "2024-08-01T22:59:30.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23134
Vulnerability from cvelistv5
Published
2024-02-22 04:27
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024, 2023, 2022, 2021 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_electrical",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_map_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_advance_steel",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_civil_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_architecture",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mechanical",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mep",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_plant_3d",
"vendor": "autodesk",
"versions": [
{
"lessThan": "2021.1.4",
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"lessThan": "2022.1.4",
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"lessThan": "2023.1.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2025.0.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T14:40:30.040434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T16:44:12.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024, 2023, 2022, 2021"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T16:40:43.278Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
},
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
},
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23134",
"datePublished": "2024-02-22T04:27:15.155Z",
"dateReserved": "2024-01-11T21:47:40.856Z",
"dateUpdated": "2024-08-01T22:59:31.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}