CVE-2024-23136

A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
autodeskCNA
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
autodeskautocad_electrical
2021 ≤
𝑥
< 2021.1.4
autodeskautocad_electrical
2022 ≤
𝑥
< 2022.1.4
autodeskautocad_electrical
2023 ≤
𝑥
< 2023.1.5
autodeskautocad_electrical
2024 ≤
𝑥
< 2024.1.3
autodeskautocad_electrical
2025 ≤
𝑥
< 2025.0.1
autodeskautocad_mechanical
2021 ≤
𝑥
< 2021.1.4
autodeskautocad_mechanical
2022 ≤
𝑥
< 2022.1.4
autodeskautocad_mechanical
2023 ≤
𝑥
< 2023.1.5
autodeskautocad_mechanical
2024 ≤
𝑥
< 2024.1.3
autodeskautocad_mechanical
2025 ≤
𝑥
< 2025.0.1
autodeskautocad_mep
2021 ≤
𝑥
< 2021.1.4
autodeskautocad_mep
2022 ≤
𝑥
< 2022.1.4
autodeskautocad_mep
2023 ≤
𝑥
< 2023.1.5
autodeskautocad_mep
2024 ≤
𝑥
< 2024.1.3
autodeskautocad_mep
2025 ≤
𝑥
< 2025.0.1
autodeskautocad_plant_3d
2021 ≤
𝑥
< 2021.1.4
autodeskautocad_plant_3d
2022 ≤
𝑥
< 2022.1.4
autodeskautocad_plant_3d
2023 ≤
𝑥
< 2023.1.5
autodeskautocad_plant_3d
2024 ≤
𝑥
< 2024.1.3
autodeskautocad_plant_3d
2025 ≤
𝑥
< 2025.0.1
autodeskcivil_3d
2021 ≤
𝑥
< 2021.1.4
autodeskcivil_3d
2022 ≤
𝑥
< 2022.1.4
autodeskcivil_3d
2023 ≤
𝑥
< 2023.1.5
autodeskcivil_3d
2024 ≤
𝑥
< 2024.1.3
autodeskcivil_3d
2025 ≤
𝑥
< 2025.0.1
autodeskadvance_steel
2021 ≤
𝑥
< 2021.1.4
autodeskadvance_steel
2022 ≤
𝑥
< 2022.1.4
autodeskadvance_steel
2023 ≤
𝑥
< 2023.1.5
autodeskadvance_steel
2024 ≤
𝑥
< 2024.1.3
autodeskadvance_steel
2025 ≤
𝑥
< 2025.0.1
autodeskautocad_map_3d
2021 ≤
𝑥
< 2021.1.4
autodeskautocad_map_3d
2022 ≤
𝑥
< 2022.1.4
autodeskautocad_map_3d
2023 ≤
𝑥
< 2023.1.5
autodeskautocad_map_3d
2024 ≤
𝑥
< 2024.1.3
autodeskautocad_map_3d
2025 ≤
𝑥
< 2025.0.1
autodeskautocad
2021 ≤
𝑥
< 2021.1.4
autodeskautocad
2022 ≤
𝑥
< 2022.1.4
autodeskautocad
2023 ≤
𝑥
< 2023.1.5
autodeskautocad
2024 ≤
𝑥
< 2024.1.3
autodeskautocad
2025 ≤
𝑥
< 2025.0.1
autodeskautocad_architecture
2021 ≤
𝑥
< 2021.1.4
autodeskautocad_architecture
2022 ≤
𝑥
< 2022.1.4
autodeskautocad_architecture
2023 ≤
𝑥
< 2023.1.5
autodeskautocad_architecture
2024 ≤
𝑥
< 2024.1.3
autodeskautocad_architecture
2025 ≤
𝑥
< 2025.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004