CVE-2024-37002
25.06.2024, 03:15
A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.Enginsight
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad | 2022 ≤ 𝑥 < 2022.1.5 |
| autodesk | autocad | 2023 ≤ 𝑥 < 2023.1.6 |
| autodesk | autocad | 2024 ≤ 𝑥 < 2024.1.4 |
| autodesk | autocad | 2025 ≤ 𝑥 < 2025.1 |
| autodesk | autocad_architecture | 2022 ≤ 𝑥 < 2022.1.5 |
| autodesk | autocad_architecture | 2023 ≤ 𝑥 < 2023.1.6 |
| autodesk | autocad_architecture | 2024 ≤ 𝑥 < 2024.1.4 |
| autodesk | autocad_architecture | 2025 ≤ 𝑥 < 2025.1 |
| autodesk | autocad_electrical | 2022 ≤ 𝑥 < 2022.1.5 |
| autodesk | autocad_electrical | 2023 ≤ 𝑥 < 2023.1.6 |
| autodesk | autocad_electrical | 2024 ≤ 𝑥 < 2024.1.4 |
| autodesk | autocad_electrical | 2025 ≤ 𝑥 < 2025.1 |
| autodesk | autocad_map_3d | 2022 ≤ 𝑥 < 2022.1.5 |
| autodesk | autocad_map_3d | 2023 ≤ 𝑥 < 2023.1.6 |
| autodesk | autocad_map_3d | 2024 ≤ 𝑥 < 2024.1.4 |
| autodesk | autocad_map_3d | 2025 ≤ 𝑥 < 2025.1 |
| autodesk | autocad_mechanical | 2022 ≤ 𝑥 < 2022.1.5 |
| autodesk | autocad_mechanical | 2023 ≤ 𝑥 < 2023.1.6 |
| autodesk | autocad_mechanical | 2024 ≤ 𝑥 < 2024.1.4 |
| autodesk | autocad_mechanical | 2025 ≤ 𝑥 < 2025.1 |
| autodesk | autocad_mep | 2022 ≤ 𝑥 < 2022.1.5 |
| autodesk | autocad_mep | 2023 ≤ 𝑥 < 2023.1.6 |
| autodesk | autocad_mep | 2024 ≤ 𝑥 < 2024.1.4 |
| autodesk | autocad_mep | 2025 ≤ 𝑥 < 2025.1 |
| autodesk | autocad_plant_3d | 2022 ≤ 𝑥 < 2022.1.5 |
| autodesk | autocad_plant_3d | 2023 ≤ 𝑥 < 2023.1.6 |
| autodesk | autocad_plant_3d | 2024 ≤ 𝑥 < 2024.1.4 |
| autodesk | autocad_plant_3d | 2025 ≤ 𝑥 < 2025.1 |
| autodesk | civil_3d | 2022 ≤ 𝑥 < 2022.1.5 |
| autodesk | civil_3d | 2023 ≤ 𝑥 < 2023.1.6 |
| autodesk | civil_3d | 2024 ≤ 𝑥 < 2024.1.4 |
| autodesk | civil_3d | 2025 ≤ 𝑥 < 2025.1 |
| autodesk | advance_steel | 2022 ≤ 𝑥 < 2022.1.5 |
| autodesk | advance_steel | 2023 ≤ 𝑥 < 2023.1.6 |
| autodesk | advance_steel | 2024 ≤ 𝑥 < 2024.1.4 |
| autodesk | advance_steel | 2025 ≤ 𝑥 < 2025.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-457 - Use of Uninitialized VariableThe code uses a variable that has not been initialized, leading to unpredictable or unintended results.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.