CVE-2024-37002

EPSS 0.2%
Veröffentlicht 25.06.2024 03:15:10
Zuletzt bearbeitet 13.11.2025 20:20:12
Quelle psirt@autodesk.com
CVE-Watchlists
Login
Unerledigt
Login

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Autodesk ≫ Autocad Version >= 2022 < 2022.1.5

Autodesk ≫ Autocad Version >= 2023 < 2023.1.6

Autodesk ≫ Autocad Version >= 2024 < 2024.1.4

Autodesk ≫ Autocad Version >= 2025 < 2025.1

Autodesk ≫ Autocad Architecture Version >= 2022 < 2022.1.5

Autodesk ≫ Autocad Architecture Version >= 2023 < 2023.1.6

Autodesk ≫ Autocad Architecture Version >= 2024 < 2024.1.4

Autodesk ≫ Autocad Architecture Version >= 2025 < 2025.1

Autodesk ≫ Autocad Electrical Version >= 2022 < 2022.1.5

Autodesk ≫ Autocad Electrical Version >= 2023 < 2023.1.6

Autodesk ≫ Autocad Electrical Version >= 2024 < 2024.1.4

Autodesk ≫ Autocad Electrical Version >= 2025 < 2025.1

Autodesk ≫ Autocad Map 3d Version >= 2022 < 2022.1.5

Autodesk ≫ Autocad Map 3d Version >= 2023 < 2023.1.6

Autodesk ≫ Autocad Map 3d Version >= 2024 < 2024.1.4

Autodesk ≫ Autocad Map 3d Version >= 2025 < 2025.1

Autodesk ≫ Autocad Mechanical Version >= 2022 < 2022.1.5

Autodesk ≫ Autocad Mechanical Version >= 2023 < 2023.1.6

Autodesk ≫ Autocad Mechanical Version >= 2024 < 2024.1.4

Autodesk ≫ Autocad Mechanical Version >= 2025 < 2025.1

Autodesk ≫ Autocad Mep Version >= 2022 < 2022.1.5

Autodesk ≫ Autocad Mep Version >= 2023 < 2023.1.6

Autodesk ≫ Autocad Mep Version >= 2024 < 2024.1.4

Autodesk ≫ Autocad Mep Version >= 2025 < 2025.1

Autodesk ≫ Autocad Plant 3d Version >= 2022 < 2022.1.5

Autodesk ≫ Autocad Plant 3d Version >= 2023 < 2023.1.6

Autodesk ≫ Autocad Plant 3d Version >= 2024 < 2024.1.4

Autodesk ≫ Autocad Plant 3d Version >= 2025 < 2025.1

Autodesk ≫ Civil 3d Version >= 2022 < 2022.1.5

Autodesk ≫ Civil 3d Version >= 2023 < 2023.1.6

Autodesk ≫ Civil 3d Version >= 2024 < 2024.1.4

Autodesk ≫ Civil 3d Version >= 2025 < 2025.1

Autodesk ≫ Advance Steel Version >= 2022 < 2022.1.5

Autodesk ≫ Advance Steel Version >= 2023 < 2023.1.6

Autodesk ≫ Advance Steel Version >= 2024 < 2024.1.4

Autodesk ≫ Advance Steel Version >= 2025 < 2025.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.427

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@autodesk.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-457 Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-37002

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-37002

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37002

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-37002