CVE-2024-37002

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
autodeskCNA
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
autodeskautocad
2022 ≤
𝑥
< 2022.1.5
autodeskautocad
2023 ≤
𝑥
< 2023.1.6
autodeskautocad
2024 ≤
𝑥
< 2024.1.4
autodeskautocad
2025 ≤
𝑥
< 2025.1
autodeskautocad_architecture
2022 ≤
𝑥
< 2022.1.5
autodeskautocad_architecture
2023 ≤
𝑥
< 2023.1.6
autodeskautocad_architecture
2024 ≤
𝑥
< 2024.1.4
autodeskautocad_architecture
2025 ≤
𝑥
< 2025.1
autodeskautocad_electrical
2022 ≤
𝑥
< 2022.1.5
autodeskautocad_electrical
2023 ≤
𝑥
< 2023.1.6
autodeskautocad_electrical
2024 ≤
𝑥
< 2024.1.4
autodeskautocad_electrical
2025 ≤
𝑥
< 2025.1
autodeskautocad_map_3d
2022 ≤
𝑥
< 2022.1.5
autodeskautocad_map_3d
2023 ≤
𝑥
< 2023.1.6
autodeskautocad_map_3d
2024 ≤
𝑥
< 2024.1.4
autodeskautocad_map_3d
2025 ≤
𝑥
< 2025.1
autodeskautocad_mechanical
2022 ≤
𝑥
< 2022.1.5
autodeskautocad_mechanical
2023 ≤
𝑥
< 2023.1.6
autodeskautocad_mechanical
2024 ≤
𝑥
< 2024.1.4
autodeskautocad_mechanical
2025 ≤
𝑥
< 2025.1
autodeskautocad_mep
2022 ≤
𝑥
< 2022.1.5
autodeskautocad_mep
2023 ≤
𝑥
< 2023.1.6
autodeskautocad_mep
2024 ≤
𝑥
< 2024.1.4
autodeskautocad_mep
2025 ≤
𝑥
< 2025.1
autodeskautocad_plant_3d
2022 ≤
𝑥
< 2022.1.5
autodeskautocad_plant_3d
2023 ≤
𝑥
< 2023.1.6
autodeskautocad_plant_3d
2024 ≤
𝑥
< 2024.1.4
autodeskautocad_plant_3d
2025 ≤
𝑥
< 2025.1
autodeskcivil_3d
2022 ≤
𝑥
< 2022.1.5
autodeskcivil_3d
2023 ≤
𝑥
< 2023.1.6
autodeskcivil_3d
2024 ≤
𝑥
< 2024.1.4
autodeskcivil_3d
2025 ≤
𝑥
< 2025.1
autodeskadvance_steel
2022 ≤
𝑥
< 2022.1.5
autodeskadvance_steel
2023 ≤
𝑥
< 2023.1.6
autodeskadvance_steel
2024 ≤
𝑥
< 2024.1.4
autodeskadvance_steel
2025 ≤
𝑥
< 2025.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009