CVE-2024-12197

7.8 HIGH

📋 TL;DR

A specially crafted DWFX file, when opened in a vulnerable version of Autodesk Navisworks, lets an attacker execute arbitrary code in the context of the current user. Exploitation requires the victim to open the file, so the exposed population is users of affected Navisworks versions who open DWFX files from untrusted sources. The attacker inherits the privileges of the user running Navisworks; if that user is a local administrator, so is the attacker.

💻 Affected Systems

Products:
  • Autodesk Navisworks
Versions: 2024 and earlier (see the Autodesk advisory for the exact list of affected builds)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects hosts where Navisworks is installed, and only when a user opens a DWFX file from an untrusted source. Nothing is reachable without that user action.

📦 What is this software?

Autodesk Navisworks is Autodesk's 3D design review and coordination application for architecture, engineering and construction projects; it aggregates models from many authoring tools for navigation, clash detection and 4D scheduling. DWF and DWFX are Autodesk's lightweight design-data formats. DWFX is a ZIP-based package laid out like an XPS (XML Paper Specification) document, which matters for this advisory because a DWFX attachment looks like an ordinary ZIP archive to any filter that inspects content rather than file extension.
⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through arbitrary code execution with the privileges of the Navisworks process, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

A crude malformed file most often just crashes the Navisworks parser (denial of service). Reliable code execution needs a carefully crafted file that also defeats the host's exploit mitigations, so the outcome depends on exploit sophistication and on how the endpoint is hardened.

🟢

If Mitigated

Application crash only. ASLR, DEP and (where enabled) Control Flow Guard raise the cost of turning the fault into code execution but do not rule it out, so a Navisworks crash on an untrusted DWFX file still deserves investigation rather than a simple restart.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. No public exploits have been reported as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to the latest version as specified in Autodesk Security Advisory ADSK-SA-2024-0027

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027

Restart Required: Yes

Instructions:

1. Open Autodesk Navisworks.
2. Navigate to Help > Check for Updates (updates are also offered through the Autodesk Access updater where it is deployed).
3. Follow the prompts to download and install the latest security update.
4. Restart Navisworks after installation completes.

🔧 Temporary Workarounds

Disable DWFX file association

windows

Prevent Navisworks from automatically opening DWFX files by removing the file association.

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .dwfx > Change program > Choose another application (on Windows 10/11: Settings > Apps > Default apps > Choose defaults by file type > .dwfx). Apply the same to .dwf. This only stops double-click and shell launches; a user can still open the file from inside Navisworks via File > Open, so treat it as a speed bump, not a control.
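The following is an added PowerShell example, not a script from the Autodesk advisory, that audits which program Windows launches for .dwfx and .dwf files and, with -Clear, removes the machine-wide association. It reads the per-user UserChoice key (which wins over the machine default when present) and the HKEY_CLASSES_ROOT mapping, and resolves the ProgID to its shell\open\command so you can see whether the handler is Roamer.exe, the Navisworks executable. The -Clear switch and the use of cmd's built-in assoc are my choices; running it elevated is assumed.

```powershell
# Added example, not from the Autodesk advisory: audit which program handles
# .dwfx/.dwf files and, with -Clear, remove the machine-wide association.
# Assumes Windows 10/11 and an elevated PowerShell session when -Clear is used.
param([switch]$Clear)

$extensions = '.dwfx', '.dwf'

function Get-OpenCommand {
    param([string]$ProgId)
    # The ProgID's shell\open\command default value is what Explorer launches.
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId\shell\open\command"
    if (Test-Path $key) { (Get-ItemProperty -Path $key).'(default)' } else { $null }
}

foreach ($ext in $extensions) {
    # Per-user choice set through Settings > Default apps; overrides the machine default.
    $userKey    = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
    $userProgId = if (Test-Path $userKey) { (Get-ItemProperty -Path $userKey).ProgId } else { $null }

    # Machine-wide default (HKCR is the merged view of HKLM and HKCU Software\Classes).
    $machineKey    = "Registry::HKEY_CLASSES_ROOT\$ext"
    $machineProgId = if (Test-Path $machineKey) { (Get-ItemProperty -Path $machineKey).'(default)' } else { $null }

    $effective = if ($userProgId) { $userProgId } else { $machineProgId }
    $command   = if ($effective) { Get-OpenCommand $effective } else { $null }

    [pscustomobject]@{
        Extension      = $ext
        UserProgId     = $userProgId
        MachineProgId  = $machineProgId
        OpenCommand    = $command
        # Navisworks runs as Roamer.exe; that is the handler this advisory is about.
        HandledByNavis = [bool]($command -and $command -match 'Roamer\.exe')
    }

    if ($Clear -and $machineProgId) {
        # 'assoc <ext>=' (a cmd.exe built-in) deletes the machine-wide extension mapping.
        # It does not touch the HKCU UserChoice key, which Windows protects with a hash;
        # clear that one through Settings > Apps > Default apps.
        cmd.exe /c "assoc $ext="
    }
}
```

Run it without arguments first to see the current handler on a representative workstation; a row with HandledByNavis set to True and a non-empty UserProgId means the per-user choice still needs to be changed through the Settings UI after -Clear.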

Block DWFX files at perimeter

all

Configure email gateways and web filters to block DWFX (and DWF) attachments from untrusted sources. Extension-based blocking is easy to bypass by renaming or nesting the file in an archive, and DWFX is itself a ZIP package, so content-type inspection will classify it as a generic ZIP; pair the rule with user guidance not to open design files received unexpectedly.

🧯 If You Can't Patch

  • Implement application whitelisting (AppLocker or Windows Defender Application Control) so that a payload dropped by a successful exploit cannot run; note this does not stop shellcode executing inside the Navisworks process itself
  • Run Navisworks under a standard (non-administrator) account to limit what a compromised session can reach
  • Open DWFX files from outside the organisation only in an isolated environment (a throwaway VM or Windows Sandbox) until the host is patched

🔍 How to Verify

Check if Vulnerable:

Check Navisworks version against affected versions listed in Autodesk advisory ADSK-SA-2024-0027

Check Version:

In Navisworks: Help > About Autodesk Navisworks

Verify Fix Applied:

Verify Navisworks version is updated to a version not listed in the advisory as vulnerable
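For fleet-wide verification, the following added PowerShell example (mine, not Autodesk's tooling) inventories every Navisworks install on a host and reports the file version of Roamer.exe, the Navisworks executable, so the result can be compared against the fixed builds named in ADSK-SA-2024-0027. It reads the Uninstall registry entries Autodesk creates and falls back to scanning the default install folder. The -FixedVersion value is supplied by the administrator from the advisory; it is deliberately not hard-coded here, and the comparison only applies within one major version because the major number changes with each annual Navisworks release.

```powershell
# Added example, not Autodesk's own tooling: list Navisworks installs on this
# host with the version of Roamer.exe so it can be checked against the advisory.
# -FixedVersion is supplied by the admin from ADSK-SA-2024-0027 (assumption:
# one value per product year, since each annual release has its own major number).
param([version]$FixedVersion)

function Get-NavisworksInstall {
    $installs = @()
    $seen = @{}

    # Uninstall entries are how Autodesk registers each product edition/year.
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Autodesk Navisworks*' -and $_.InstallLocation } |
        ForEach-Object {
            $dir = $_.InstallLocation.TrimEnd('\')
            $seen[$dir.ToLower()] = $true
            $installs += [pscustomobject]@{
                Product         = $_.DisplayName
                RegistryVersion = $_.DisplayVersion
                InstallLocation = $dir
            }
        }

    # Fallback for installs the registry scan missed; default layout is
    # "C:\Program Files\Autodesk\Navisworks <Edition> <Year>".
    Get-ChildItem 'C:\Program Files\Autodesk' -Directory -Filter 'Navisworks*' -ErrorAction SilentlyContinue |
        Where-Object { -not $seen.ContainsKey($_.FullName.ToLower()) } |
        ForEach-Object {
            $installs += [pscustomobject]@{
                Product         = $_.Name
                RegistryVersion = $null
                InstallLocation = $_.FullName
            }
        }

    foreach ($i in $installs) {
        # Read the binary's own version: a hotfix updates Roamer.exe and may not
        # rewrite the uninstall entry, so the registry value can lag behind.
        $exe = Join-Path $i.InstallLocation 'Roamer.exe'
        $fileVersion = if (Test-Path $exe) { (Get-Item $exe).VersionInfo.FileVersion } else { $null }
        $parsed = $null
        if ($fileVersion) {
            # Strip any trailing text (e.g. build tags) before parsing as System.Version.
            [void][version]::TryParse(($fileVersion -replace '[^\d.].*$'), [ref]$parsed)
        }

        [pscustomobject]@{
            Product         = $i.Product
            RegistryVersion = $i.RegistryVersion
            InstallLocation = $i.InstallLocation
            RoamerVersion   = $fileVersion
            Status          = if (-not $fileVersion) { 'Roamer.exe not found' }
                              elseif (-not $FixedVersion -or -not $parsed) { 'Compare with advisory' }
                              elseif ($parsed.Major -ne $FixedVersion.Major) { 'Different release year; compare separately' }
                              elseif ($parsed -ge $FixedVersion) { 'Fixed' }
                              else { 'Vulnerable' }
        }
    }
}

Get-NavisworksInstall | Format-Table -AutoSize
```

Run it through your endpoint management tool or Invoke-Command and collect the Status column; any host reporting "Vulnerable" or "Roamer.exe not found" needs a closer look, the latter because a non-default install path means the fallback scan did not cover it.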

📡 Detection & Monitoring

Log Indicators:

  • Application Error events (Event ID 1000 in the Application log) naming Roamer.exe, the Navisworks executable, as the faulting application
  • Unexpected child processes of Roamer.exe (cmd.exe, PowerShell, script hosts, mshta.exe, rundll32.exe and similar); a design-review tool has no routine reason to spawn these

Network Indicators:

  • Unusual outbound connections from Roamer.exe, beyond its normal Autodesk licensing and update traffic

SIEM Query:

(EventID:1000 AND FaultingApplicationName:Roamer.exe) OR (EventID:1 AND ParentImage:*\Roamer.exe AND Image:(*\cmd.exe OR *\powershell.exe OR *\wscript.exe OR *\cscript.exe OR *\mshta.exe OR *\rundll32.exe)) OR (EventID:3 AND Image:*\Roamer.exe)

Event IDs 1 and 3 assume Sysmon process-creation and network-connection logging; field names follow Sysmon's and will differ between SIEMs. Note that the Navisworks process is Roamer.exe, not Navisworks.exe, so a query keyed on the product name matches nothing.
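To run the same three checks directly on an endpoint, the following added PowerShell example (not from the advisory) pulls Roamer.exe crashes, suspicious child processes and network connections from the local event logs. It assumes Sysmon is installed with process-creation (ID 1) and network-connection (ID 3) events enabled; the list of suspicious child process names is my assumption about what post-exploitation commonly spawns, not something the advisory specifies. Event fields are read by name from the event XML rather than by position, so the code does not break when the Sysmon schema adds fields.

```powershell
# Added example, not from the advisory: collect the three Roamer.exe indicators
# from local event logs. Assumes Sysmon with event IDs 1 and 3 enabled; the
# child-process list is an assumption about typical post-exploitation behaviour.
param([int]$Hours = 24)

$since = (Get-Date).AddHours(-$Hours)
$suspiciousChildren = 'cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe',
                      'mshta.exe', 'rundll32.exe', 'regsvr32.exe', 'certutil.exe', 'msiexec.exe'

function Get-EventDataMap {
    param($Event)
    # Sysmon events carry their fields as <Data Name="...">; map them by name
    # instead of relying on positional Properties[], which vary by schema version.
    $map = @{}
    ([xml]$Event.ToXml()).Event.EventData.Data | ForEach-Object { $map[$_.Name] = $_.'#text' }
    $map
}

# 1. Crashes: Application Error (ID 1000) with Roamer.exe as the faulting application.
$crashes = Get-WinEvent -FilterHashtable @{ LogName='Application'; ProviderName='Application Error'; Id=1000; StartTime=$since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Roamer\.exe' } |
    ForEach-Object { [pscustomobject]@{ Time=$_.TimeCreated; Indicator='Crash'; Detail=($_.Message -split "`n")[0] } }

# 2. Child processes: Sysmon ID 1 where the parent is Roamer.exe and the child is a shell/script host/LOLBin.
$children = Get-WinEvent -FilterHashtable @{ LogName='Microsoft-Windows-Sysmon/Operational'; Id=1; StartTime=$since } -ErrorAction SilentlyContinue |
    ForEach-Object { Get-EventDataMap $_ } |
    Where-Object { $_.ParentImage -match '\\Roamer\.exe$' -and $suspiciousChildren -contains (Split-Path $_.Image -Leaf) } |
    ForEach-Object { [pscustomobject]@{ Time=$_.UtcTime; Indicator='ChildProcess'; Detail="$($_.Image) $($_.CommandLine)" } }

# 3. Network: Sysmon ID 3 connections initiated by Roamer.exe (normally only licensing/update traffic).
$network = Get-WinEvent -FilterHashtable @{ LogName='Microsoft-Windows-Sysmon/Operational'; Id=3; StartTime=$since } -ErrorAction SilentlyContinue |
    ForEach-Object { Get-EventDataMap $_ } |
    Where-Object { $_.Image -match '\\Roamer\.exe$' } |
    ForEach-Object { [pscustomobject]@{ Time=$_.UtcTime; Indicator='Network'; Detail="$($_.DestinationIp):$($_.DestinationPort)" } }

# Wrap each result in @() so a single object or an empty result still concatenates cleanly.
@($crashes) + @($children) + @($network) | Sort-Object Time | Format-Table -AutoSize
```

Baseline the Network rows on a clean workstation first: Autodesk licensing and update endpoints will appear routinely, and the value of the check is in destinations that do not match that baseline, especially when they cluster around a Crash or ChildProcess row for the same user session.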

🔗 References

  • Autodesk Security Advisory ADSK-SA-2024-0027: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027