{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23156", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "state": "PUBLISHED", "assignerShortName": "autodesk", "dateReserved": "2024-01-11T21:51:41.601Z", "datePublished": "2024-06-25T03:30:03.304Z", "dateUpdated": "2024-08-01T22:59:32.153Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "AutoCAD, Advance Steel and Civil 3D", "vendor": "Autodesk", "versions": [{"status": "affected", "version": "2024"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.</span><br>"}], "value": "A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Memory Corruption - Generic", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2024-06-25T03:30:03.304Z"}, "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "autodesk", "product": "autocad_plant_3d", "cpes": ["cpe:2.3:a:autodesk:autocad:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2024", "status": "affected", "lessThan": "2024.1.5", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:14:44.418256Z", "id": "CVE-2024-23156", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:17:50.940Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.153Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.153Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23156", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-26T19:14:44.418256Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:autodesk:autocad:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:-:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:-:*:*:*:*:*:*:*"], "vendor": "autodesk", "product": "autocad_plant_3d", "versions": [{"status": "affected", "version": "2024", "lessThan": "2024.1.5", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:17:30.320Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "affected": [{"vendor": "Autodesk", "product": "AutoCAD, Advance Steel and Civil 3D", "versions": [{"status": "affected", "version": "2024"}], "defaultStatus": "unknown"}], "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Memory Corruption - Generic"}]}], "providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2024-06-25T03:30:03.304Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23156", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:59:32.153Z", "dateReserved": "2024-01-11T21:51:41.601Z", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "datePublished": "2024-06-25T03:30:03.304Z", "assignerShortName": "autodesk"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."}, {"lang": "es", "value": "Un archivo 3DM creado con fines malintencionados, cuando se analiza en opennurbs.dll y ASMkern229A.dll a trav\u00e9s de aplicaciones de Autodesk, puede provocar una vulnerabilidad de corrupci\u00f3n de memoria por infracci\u00f3n de acceso de escritura. Esta vulnerabilidad, junto con otras vulnerabilidades, puede provocar la ejecuci\u00f3n de c\u00f3digo en el proceso actual."}], "id": "CVE-2024-23156", "lastModified": "2024-07-03T01:47:35.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-25T04:15:13.450", "references": [{"source": "psirt@autodesk.com", "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "psirt@autodesk.com", "type": "Secondary"}]}

{}