CVE-2024-37002
Published: Jun 25, 2024
Modified: Aug 27, 2025
CVSS v3.1
7.8
Description
A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
| Vendor | Product | Versions |
|---|---|---|
Autodesk | AutoCAD | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD Architecture | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD Electrical | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD Mechanical | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD MEP | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD Plant 3D | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | Civil 3D | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | Advance Steel | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Autodesk | AutoCAD MAP 3D | affected 2025 - < 2025.1affected 2024 - < 2024.1.4affected 2023 - < 2023.1.6affected 2022 - < 2022.1.5 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now