CVE-2024-23136

EPSS 0.32%
Veröffentlicht 22.02.2024 05:15:09
Zuletzt bearbeitet 31.12.2025 00:41:19
Quelle psirt@autodesk.com
CVE-Watchlists
Login
Unerledigt
Login

A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Autodesk ≫ Autocad Electrical Version >= 2021 < 2021.1.4

Autodesk ≫ Autocad Electrical Version >= 2022 < 2022.1.4

Autodesk ≫ Autocad Electrical Version >= 2023 < 2023.1.5

Autodesk ≫ Autocad Electrical Version >= 2024 < 2024.1.3

Autodesk ≫ Autocad Electrical Version >= 2025 < 2025.0.1

Autodesk ≫ Autocad Mechanical Version >= 2021 < 2021.1.4

Autodesk ≫ Autocad Mechanical Version >= 2022 < 2022.1.4

Autodesk ≫ Autocad Mechanical Version >= 2023 < 2023.1.5

Autodesk ≫ Autocad Mechanical Version >= 2024 < 2024.1.3

Autodesk ≫ Autocad Mechanical Version >= 2025 < 2025.0.1

Autodesk ≫ Autocad Mep Version >= 2021 < 2021.1.4

Autodesk ≫ Autocad Mep Version >= 2022 < 2022.1.4

Autodesk ≫ Autocad Mep Version >= 2023 < 2023.1.5

Autodesk ≫ Autocad Mep Version >= 2024 < 2024.1.3

Autodesk ≫ Autocad Mep Version >= 2025 < 2025.0.1

Autodesk ≫ Autocad Plant 3d Version >= 2021 < 2021.1.4

Autodesk ≫ Autocad Plant 3d Version >= 2022 < 2022.1.4

Autodesk ≫ Autocad Plant 3d Version >= 2023 < 2023.1.5

Autodesk ≫ Autocad Plant 3d Version >= 2024 < 2024.1.3

Autodesk ≫ Autocad Plant 3d Version >= 2025 < 2025.0.1

Autodesk ≫ Civil 3d Version >= 2021 < 2021.1.4

Autodesk ≫ Civil 3d Version >= 2022 < 2022.1.4

Autodesk ≫ Civil 3d Version >= 2023 < 2023.1.5

Autodesk ≫ Civil 3d Version >= 2024 < 2024.1.3

Autodesk ≫ Civil 3d Version >= 2025 < 2025.0.1

Autodesk ≫ Advance Steel Version >= 2021 < 2021.1.4

Autodesk ≫ Advance Steel Version >= 2022 < 2022.1.4

Autodesk ≫ Advance Steel Version >= 2023 < 2023.1.5

Autodesk ≫ Advance Steel Version >= 2024 < 2024.1.3

Autodesk ≫ Advance Steel Version >= 2025 < 2025.0.1

Autodesk ≫ Autocad Map 3d Version >= 2021 < 2021.1.4

Autodesk ≫ Autocad Map 3d Version >= 2022 < 2022.1.4

Autodesk ≫ Autocad Map 3d Version >= 2023 < 2023.1.5

Autodesk ≫ Autocad Map 3d Version >= 2024 < 2024.1.3

Autodesk ≫ Autocad Map 3d Version >= 2025 < 2025.0.1

Autodesk ≫ Autocad Version >= 2021 < 2021.1.4

Autodesk ≫ Autocad Version >= 2022 < 2022.1.4

Autodesk ≫ Autocad Version >= 2023 < 2023.1.5

Autodesk ≫ Autocad Version >= 2024 < 2024.1.3

Autodesk ≫ Autocad Version >= 2025 < 2025.0.1

Autodesk ≫ Autocad Architecture Version >= 2021 < 2021.1.4

Autodesk ≫ Autocad Architecture Version >= 2022 < 2022.1.4

Autodesk ≫ Autocad Architecture Version >= 2023 < 2023.1.5

Autodesk ≫ Autocad Architecture Version >= 2024 < 2024.1.3

Autodesk ≫ Autocad Architecture Version >= 2025 < 2025.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.545

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@autodesk.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-822 Untrusted Pointer Dereference

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-23136

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-23136

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-23136

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-23136