{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23136", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "state": "PUBLISHED", "assignerShortName": "autodesk", "dateReserved": "2024-01-11T21:47:40.857Z", "datePublished": "2024-02-22T04:48:25.677Z", "dateUpdated": "2024-08-01T22:59:30.674Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "AutoCAD, Advance Steel and Civil 3D", "vendor": "Autodesk", "versions": [{"status": "affected", "version": "2024, 2023, 2022, 2021"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk AutoCAD can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.</span><br>"}], "value": "A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk AutoCAD can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-822", "description": "CWE-822: Untrusted Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2024-03-17T23:52:55.925Z"}, "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"}, {"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "autodesk", "product": "autocad_advance_steel", "cpes": ["cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2021", "status": "affected", "lessThan": "2021.1.4", "versionType": "custom"}, {"version": "2022", "status": "affected", "lessThan": "2022.1.4", "versionType": "custom"}, {"version": "2023", "status": "affected", "lessThan": "2023.1.5", "versionType": "custom"}, {"version": "2024", "status": "affected", "lessThan": "2024.1.3", "versionType": "custom"}, {"version": "2025", "status": "affected", "lessThan": "2025.0.1", "versionType": "custom"}]}, {"vendor": "autodesk", "product": "autocad_civil_3d", "cpes": ["cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2021", "status": "affected", "lessThan": "2021.1.4", "versionType": "custom"}, {"version": "2022", "status": "affected", "lessThan": "2022.1.4", "versionType": "custom"}, {"version": "2023", "status": "affected", "lessThan": "2023.1.5", "versionType": "custom"}, {"version": "2024", "status": "affected", "lessThan": "2024.1.3", "versionType": "custom"}, {"version": "2025", "status": "affected", "lessThan": "2025.0.1", "versionType": "custom"}]}, {"vendor": "autodesk", "product": "autocad", "cpes": ["cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2021", "status": "affected", "lessThan": "2021.1.4", "versionType": "custom"}, {"version": "2022", "status": "affected", "lessThan": "2022.1.4", "versionType": "custom"}, {"version": "2023", "status": "affected", "lessThan": "2023.1.5", "versionType": "custom"}, {"version": "2024", "status": "affected", "lessThan": "2024.1.3", "versionType": "custom"}, {"version": "2025", "status": "affected", "lessThan": "2025.0.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-02-22T14:40:30.040434Z", "id": "CVE-2024-23136", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T16:23:25.405Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:30.674Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002", "tags": ["x_transferred"]}, {"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23136", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-22T14:40:30.040434Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"], "vendor": "autodesk", "product": "autocad_advance_steel", "versions": [{"status": "affected", "version": "2021", "lessThan": "2021.1.4", "versionType": "custom"}, {"status": "affected", "version": "2022", "lessThan": "2022.1.4", "versionType": "custom"}, {"status": "affected", "version": "2023", "lessThan": "2023.1.5", "versionType": "custom"}, {"status": "affected", "version": "2024", "lessThan": "2024.1.3", "versionType": "custom"}, {"status": "affected", "version": "2025", "lessThan": "2025.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"], "vendor": "autodesk", "product": "autocad_civil_3d", "versions": [{"status": "affected", "version": "2021", "lessThan": "2021.1.4", "versionType": "custom"}, {"status": "affected", "version": "2022", "lessThan": "2022.1.4", "versionType": "custom"}, {"status": "affected", "version": "2023", "lessThan": "2023.1.5", "versionType": "custom"}, {"status": "affected", "version": "2024", "lessThan": "2024.1.3", "versionType": "custom"}, {"status": "affected", "version": "2025", "lessThan": "2025.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"], "vendor": "autodesk", "product": "autocad", "versions": [{"status": "affected", "version": "2021", "lessThan": "2021.1.4", "versionType": "custom"}, {"status": "affected", "version": "2022", "lessThan": "2022.1.4", "versionType": "custom"}, {"status": "affected", "version": "2023", "lessThan": "2023.1.5", "versionType": "custom"}, {"status": "affected", "version": "2024", "lessThan": "2024.1.3", "versionType": "custom"}, {"status": "affected", "version": "2025", "lessThan": "2025.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T16:09:16.318Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "affected": [{"vendor": "Autodesk", "product": "AutoCAD, Advance Steel and Civil 3D", "versions": [{"status": "affected", "version": "2024, 2023, 2022, 2021"}], "defaultStatus": "unknown"}], "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"}, {"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk AutoCAD can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk AutoCAD can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-822", "description": "CWE-822: Untrusted Pointer Dereference"}]}], "providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2024-03-17T23:52:55.925Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23136", "state": "PUBLISHED", "dateUpdated": "2024-07-26T16:23:25.405Z", "dateReserved": "2024-01-11T21:47:40.857Z", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "datePublished": "2024-02-22T04:48:25.677Z", "assignerShortName": "autodesk"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk AutoCAD can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\n"}, {"lang": "es", "value": "Un archivo STP creado con fines malintencionados cuando ASMKERN228A.dll se analiza mediante Autodesk AutoCAD se puede utilizar para eliminar la referencia a un puntero que no es de confianza. Esta vulnerabilidad, junto con otras vulnerabilidades, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en el proceso actual."}], "id": "CVE-2024-23136", "lastModified": "2024-08-01T13:47:08.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-22T05:15:09.527", "references": [{"source": "psirt@autodesk.com", "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"}, {"source": "psirt@autodesk.com", "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-822"}], "source": "psirt@autodesk.com", "type": "Secondary"}]}

{}