{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37002", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "state": "PUBLISHED", "assignerShortName": "autodesk", "dateReserved": "2024-05-30T20:11:46.549Z", "datePublished": "2024-06-25T03:07:28.673Z", "dateUpdated": "2024-06-25T13:15:09.271Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "AutoCAD, Advance Steel and Civil 3D", "vendor": "Autodesk", "versions": [{"status": "affected", "version": "2024"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.</span><br>"}], "value": "A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-457", "description": "CWE-457: Use of Uninitialized Variable", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2024-06-25T03:07:28.673Z"}, "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "autodesk", "product": "autocad_advance_steel", "cpes": ["cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2024", "status": "affected"}]}, {"vendor": "autodesk", "product": "civil_3d", "cpes": ["cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2024", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-25T13:12:54.230669Z", "id": "CVE-2024-37002", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T13:15:09.271Z"}}]}}

{"descriptions": [{"lang": "en", "value": "A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."}, {"lang": "es", "value": "Un archivo MODEL creado con fines malintencionados, cuando se analiza en ASMkern229A.dll a trav\u00e9s de aplicaciones de Autodesk, se puede utilizar para variables no inicializadas. Esta vulnerabilidad, junto con otras vulnerabilidades, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en el proceso actual."}], "id": "CVE-2024-37002", "lastModified": "2024-06-25T12:24:17.873", "metrics": {}, "published": "2024-06-25T03:15:10.647", "references": [{"source": "psirt@autodesk.com", "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-457"}], "source": "psirt@autodesk.com", "type": "Secondary"}]}

{}