CVE-2024-37002

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/06/2024
Last modified:
06/05/2025

Description

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2022 (including) 2022.1.5 (excluding)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2023 (including) 2023.1.6 (excluding)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2024 (including) 2024.1.4 (excluding)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* 2025 (including) 2025.1 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2022 (including) 2022.1.5 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2023 (including) 2023.1.6 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2024 (including) 2024.1.4 (excluding)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* 2025 (including) 2025.1 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2022 (including) 2022.1.5 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2023 (including) 2023.1.6 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2024 (including) 2024.1.4 (excluding)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* 2025 (including) 2025.1 (excluding)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* 2022 (including) 2022.1.5 (excluding)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* 2023 (including) 2023.1.6 (excluding)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* 2024 (including) 2024.1.4 (excluding)