CVE-2024-37002

Summary

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Affected Software

VendorProductVersion RangeStatus
AutodeskAutoCAD2025 < 2025.1affected
AutodeskAutoCAD2024 < 2024.1.4affected
AutodeskAutoCAD2023 < 2023.1.6affected
AutodeskAutoCAD2022 < 2022.1.5affected
AutodeskAutoCAD Architecture2025 < 2025.1affected
AutodeskAutoCAD Architecture2024 < 2024.1.4affected
AutodeskAutoCAD Architecture2023 < 2023.1.6affected
AutodeskAutoCAD Architecture2022 < 2022.1.5affected
AutodeskAutoCAD Electrical2025 < 2025.1affected
AutodeskAutoCAD Electrical2024 < 2024.1.4affected
AutodeskAutoCAD Electrical2023 < 2023.1.6affected
AutodeskAutoCAD Electrical2022 < 2022.1.5affected
AutodeskAutoCAD Mechanical2025 < 2025.1affected
AutodeskAutoCAD Mechanical2024 < 2024.1.4affected
AutodeskAutoCAD Mechanical2023 < 2023.1.6affected
AutodeskAutoCAD Mechanical2022 < 2022.1.5affected
AutodeskAutoCAD MEP2025 < 2025.1affected
AutodeskAutoCAD MEP2024 < 2024.1.4affected
AutodeskAutoCAD MEP2023 < 2023.1.6affected
AutodeskAutoCAD MEP2022 < 2022.1.5affected
AutodeskAutoCAD Plant 3D2025 < 2025.1affected
AutodeskAutoCAD Plant 3D2024 < 2024.1.4affected
AutodeskAutoCAD Plant 3D2023 < 2023.1.6affected
AutodeskAutoCAD Plant 3D2022 < 2022.1.5affected
AutodeskCivil 3D2025 < 2025.1affected
AutodeskCivil 3D2024 < 2024.1.4affected
AutodeskCivil 3D2023 < 2023.1.6affected
AutodeskCivil 3D2022 < 2022.1.5affected
AutodeskAdvance Steel2025 < 2025.1affected
AutodeskAdvance Steel2024 < 2024.1.4affected
AutodeskAdvance Steel2023 < 2023.1.6affected
AutodeskAdvance Steel2022 < 2022.1.5affected
AutodeskAutoCAD MAP 3D2025 < 2025.1affected
AutodeskAutoCAD MAP 3D2024 < 2024.1.4affected
AutodeskAutoCAD MAP 3D2023 < 2023.1.6affected
AutodeskAutoCAD MAP 3D2022 < 2022.1.5affected

Weaknesses

  • CWE-457: CWE-457: Use of Uninitialized Variable

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References