Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-1272
Vulnerability from csaf_certbund
Published
2024-06-02 22:00
Modified
2024-06-02 22:00
Summary
Autodesk AutoCAD: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
AutoCAD ist Teil der CAD (Computer Aided Design) Produktpalette von Autodesk.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Autodesk AutoCAD ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial-of-Service-Zustand zu erzeugen und um Dateien zu manipulieren.
Betroffene Betriebssysteme
- Sonstiges
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "AutoCAD ist Teil der CAD (Computer Aided Design) Produktpalette von Autodesk.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Autodesk AutoCAD ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial-of-Service-Zustand zu erzeugen und um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1272 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1272.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1272 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1272"
},
{
"category": "external",
"summary": "Autodsk Trust Center Security Advisory vom 2024-06-02",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source_lang": "en-US",
"title": "Autodesk AutoCAD: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-06-02T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:09:45.367+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1272",
"initial_release_date": "2024-06-02T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-02T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2024.1.4",
"product": {
"name": "Autodesk AutoCAD \u003c2024.1.4",
"product_id": "T035135"
}
}
],
"category": "product_name",
"name": "AutoCAD"
}
],
"category": "vendor",
"name": "Autodesk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-23140",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-23140"
},
{
"cve": "CVE-2024-23141",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-23141"
},
{
"cve": "CVE-2024-23142",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-23142"
},
{
"cve": "CVE-2024-23143",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-23143"
},
{
"cve": "CVE-2024-23144",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-23144"
},
{
"cve": "CVE-2024-23145",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-23145"
},
{
"cve": "CVE-2024-23146",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-23146"
},
{
"cve": "CVE-2024-23147",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-23147"
},
{
"cve": "CVE-2024-23148",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-23148"
},
{
"cve": "CVE-2024-23149",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-23149"
},
{
"cve": "CVE-2024-37000",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-37000"
},
{
"cve": "CVE-2024-37001",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-37001"
},
{
"cve": "CVE-2024-37002",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-37002"
},
{
"cve": "CVE-2024-37003",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-37003"
},
{
"cve": "CVE-2024-37004",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-37004"
},
{
"cve": "CVE-2024-37005",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD existieren mehrere Schwachstellen. Diese Schwachstellen bestehen beim Parsen verschiedener Dateitypen aufgrund verschiedener Sicherheitsprobleme wie einem Heap-Based-Buffer-Overflow, Speicherkorruption oder Out-of-Bounds-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-37005"
}
]
}
cve-2024-37005
Vulnerability from cvelistv5
Published
2024-06-25 03:13
Modified
2024-08-02 03:43
Severity ?
EPSS score ?
Summary
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:24:16.255743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:24:21.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T03:34:34.440Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-37005",
"datePublished": "2024-06-25T03:13:51.990Z",
"dateReserved": "2024-05-30T20:11:46.549Z",
"dateUpdated": "2024-08-02T03:43:50.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37002
Vulnerability from cvelistv5
Published
2024-06-25 03:07
Modified
2024-08-02 03:43
Severity ?
EPSS score ?
Summary
A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:12:54.230669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:15:09.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T03:07:28.673Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-37002",
"datePublished": "2024-06-25T03:07:28.673Z",
"dateReserved": "2024-05-30T20:11:46.549Z",
"dateUpdated": "2024-08-02T03:43:50.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37003
Vulnerability from cvelistv5
Published
2024-06-25 03:12
Modified
2024-08-02 03:43
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:25:12.539478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:25:18.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T03:12:13.660Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-37003",
"datePublished": "2024-06-25T03:12:13.660Z",
"dateReserved": "2024-05-30T20:11:46.549Z",
"dateUpdated": "2024-08-02T03:43:50.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37001
Vulnerability from cvelistv5
Published
2024-06-25 03:03
Modified
2024-08-02 03:43
Severity ?
EPSS score ?
Summary
[A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:27:08.824776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:27:16.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "[\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "[A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T03:03:33.153Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-37001",
"datePublished": "2024-06-25T03:03:33.153Z",
"dateReserved": "2024-05-30T20:11:46.549Z",
"dateUpdated": "2024-08-02T03:43:50.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23149
Vulnerability from cvelistv5
Published
2024-06-25 02:43
Modified
2024-11-12 19:55
Severity ?
EPSS score ?
Summary
A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:18:08.558926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T19:55:39.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:43:08.569Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23149",
"datePublished": "2024-06-25T02:43:08.569Z",
"dateReserved": "2024-01-11T21:51:21.127Z",
"dateUpdated": "2024-11-12T19:55:39.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23144
Vulnerability from cvelistv5
Published
2024-06-25 02:10
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:31:17.885600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:31:22.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:10:02.389Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23144",
"datePublished": "2024-06-25T02:10:02.389Z",
"dateReserved": "2024-01-11T21:51:08.013Z",
"dateUpdated": "2024-08-01T22:59:31.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23143
Vulnerability from cvelistv5
Published
2024-06-25 02:05
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:32:09.443136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:32:13.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:05:33.461Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23143",
"datePublished": "2024-06-25T02:05:33.461Z",
"dateReserved": "2024-01-11T21:51:08.013Z",
"dateUpdated": "2024-08-01T22:59:31.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23140
Vulnerability from cvelistv5
Published
2024-06-25 01:01
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_architecture",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_electrical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_map_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mechanical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mep",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_plant_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:57:54.776746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:58:02.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T01:01:56.652Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23140",
"datePublished": "2024-06-25T01:01:56.652Z",
"dateReserved": "2024-01-11T21:51:08.013Z",
"dateUpdated": "2024-08-01T22:59:31.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23147
Vulnerability from cvelistv5
Published
2024-06-25 02:32
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:29:29.658321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:29:34.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:32:13.779Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23147",
"datePublished": "2024-06-25T02:32:13.779Z",
"dateReserved": "2024-01-11T21:51:21.127Z",
"dateUpdated": "2024-08-01T22:59:31.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37004
Vulnerability from cvelistv5
Published
2024-06-25 03:13
Modified
2024-08-02 03:43
Severity ?
EPSS score ?
Summary
A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:24:45.484817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:24:49.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T03:13:05.174Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-37004",
"datePublished": "2024-06-25T03:13:05.174Z",
"dateReserved": "2024-05-30T20:11:46.549Z",
"dateUpdated": "2024-08-02T03:43:50.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23142
Vulnerability from cvelistv5
Published
2024-06-25 01:24
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_architecture",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_electrical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_map_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mechanical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mep",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_plant_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:36:51.042238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:48:11.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T01:24:02.359Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23142",
"datePublished": "2024-06-25T01:24:02.359Z",
"dateReserved": "2024-01-11T21:51:08.013Z",
"dateUpdated": "2024-08-01T22:59:31.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23141
Vulnerability from cvelistv5
Published
2024-06-25 01:22
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | Autodesk applications |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_architecture",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_electrical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_map_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mechanical",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_mep",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad_plant_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:49:27.556946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:49:33.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Autodesk applications",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T01:22:38.407Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23141",
"datePublished": "2024-06-25T01:22:38.407Z",
"dateReserved": "2024-01-11T21:51:08.013Z",
"dateUpdated": "2024-08-01T22:59:31.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23148
Vulnerability from cvelistv5
Published
2024-06-25 02:42
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:28:48.562977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:28:53.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:42:11.300Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23148",
"datePublished": "2024-06-25T02:42:11.300Z",
"dateReserved": "2024-01-11T21:51:21.127Z",
"dateUpdated": "2024-08-01T22:59:32.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23146
Vulnerability from cvelistv5
Published
2024-06-25 02:28
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:30:00.518542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:30:06.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:28:20.607Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23146",
"datePublished": "2024-06-25T02:28:20.607Z",
"dateReserved": "2024-01-11T21:51:21.127Z",
"dateUpdated": "2024-08-01T22:59:31.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23145
Vulnerability from cvelistv5
Published
2024-06-25 02:27
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:30:24.476007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:30:33.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:27:23.995Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-23145",
"datePublished": "2024-06-25T02:27:23.995Z",
"dateReserved": "2024-01-11T21:51:21.127Z",
"dateUpdated": "2024-08-01T22:59:31.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37000
Vulnerability from cvelistv5
Published
2024-06-25 03:01
Modified
2024-08-02 03:43
Severity ?
EPSS score ?
Summary
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Autodesk | AutoCAD, Advance Steel and Civil 3D |
Version: 2024 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "autocad",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advance_steel",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "civil_3d",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:23:33.352025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:23:40.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AutoCAD, Advance Steel and Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T03:01:53.604Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-37000",
"datePublished": "2024-06-25T03:01:53.604Z",
"dateReserved": "2024-05-30T20:11:46.549Z",
"dateUpdated": "2024-08-02T03:43:50.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.