CVE-2024-23150

Q: What is the severity of CVE-2024-23150?

CVE-2024-23150 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to execute arbitrary code or cause crashes by tricking users into opening malicious PRT files in Autodesk AutoCAD. It affects AutoCAD users who open untrusted PRT files, potentially leading to complete system compromise.

7.8 HIGH

Remote Code Execution

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code or cause crashes by tricking users into opening malicious PRT files in Autodesk AutoCAD. It affects AutoCAD users who open untrusted PRT files, potentially leading to complete system compromise.

💻 Affected Systems

Products:

Autodesk AutoCAD

Versions: Multiple versions prior to security updates

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires user interaction to open malicious PRT file

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment

🟠

Likely Case

Application crash or limited data corruption from targeted attacks

🟢

If Mitigated

No impact if files are from trusted sources and patches are applied

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires user to open malicious file; no authentication bypass needed

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Autodesk security advisory for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010

Restart Required: Yes

Instructions:

1. Open AutoCAD
2. Go to Help > Check for Updates
3. Install available security updates
4. Restart AutoCAD

🔧 Temporary Workarounds

Block PRT file extensions

windows

Prevent AutoCAD from opening PRT files via group policy or application settings

User awareness training

all

Train users to only open PRT files from trusted sources

🧯 If You Can't Patch

Restrict user permissions to limit impact of code execution
Implement application whitelisting to prevent unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against patched versions in Autodesk advisory

Check Version:

In AutoCAD: Help > About AutoCAD

Verify Fix Applied:

Verify AutoCAD version is updated to patched version listed in advisory

📡 Detection & Monitoring

Log Indicators:

AutoCAD crash logs with odxug_dll.dll errors
Unexpected process creation from AutoCAD

Network Indicators:

Unusual outbound connections from AutoCAD process

SIEM Query:

Process creation where parent process contains 'acad.exe' and command line contains suspicious parameters

📊 Metadata

CVE ID: CVE-2024-23150

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: June 25, 2024

Last Updated: November 13, 2025

🔗 References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 Vendor Advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Advance Steel by Autodesk

Advance Steel by Autodesk

Advance Steel by Autodesk

Advance Steel by Autodesk

Autocad by Autodesk

Autocad by Autodesk

Autocad by Autodesk

Autocad by Autodesk

Autocad Architecture by Autodesk

Autocad Architecture by Autodesk

Autocad Architecture by Autodesk

Autocad Architecture by Autodesk

Autocad Electrical by Autodesk

Autocad Electrical by Autodesk

Autocad Electrical by Autodesk

Autocad Electrical by Autodesk

Autocad Map 3d by Autodesk

Autocad Map 3d by Autodesk

Autocad Map 3d by Autodesk

Autocad Map 3d by Autodesk

Autocad Mechanical by Autodesk

Autocad Mechanical by Autodesk

Autocad Mechanical by Autodesk

Autocad Mechanical by Autodesk

Autocad Mep by Autodesk

Autocad Mep by Autodesk

Autocad Mep by Autodesk

Autocad Mep by Autodesk

Autocad Plant 3d by Autodesk

Autocad Plant 3d by Autodesk

Autocad Plant 3d by Autodesk

Autocad Plant 3d by Autodesk

Civil 3d by Autodesk

Civil 3d by Autodesk

Civil 3d by Autodesk

Civil 3d by Autodesk

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Block PRT file extensions

User awareness training

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities