CVE-2024-23156
📋 TL;DR
A memory corruption vulnerability in Autodesk applications allows attackers to execute arbitrary code by tricking users into opening malicious 3DM files. This affects users of Autodesk software that uses the vulnerable opennurbs.dll and ASMkern229A.dll libraries. Successful exploitation could lead to complete compromise of the affected system.
💻 Affected Systems
- Autodesk Advance Steel
- Autodesk Civil 3D
- Autodesk Navisworks
- Autodesk AutoCAD
- Autodesk Inventor
- Autodesk Fusion 360
📦 What is this software?
Advance Steel by Autodesk
Advance Steel by Autodesk
Advance Steel by Autodesk
Advance Steel by Autodesk
Autocad by Autodesk
Autocad by Autodesk
Autocad by Autodesk
Autocad by Autodesk
Autocad Mep by Autodesk
Autocad Mep by Autodesk
Autocad Mep by Autodesk
Autocad Mep by Autodesk
Civil 3d by Autodesk
Civil 3d by Autodesk
Civil 3d by Autodesk
Civil 3d by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the user running the Autodesk application, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or malware execution when a user opens a malicious 3DM file, potentially leading to credential theft or data exfiltration.
If Mitigated
Limited impact if proper application whitelisting and file validation are in place, with potential for application crash but no code execution.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious file. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.1.2 and later updates
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010
Restart Required: Yes
Instructions:
1. Open the Autodesk Desktop App or access Autodesk Account. 2. Check for available updates for your installed Autodesk products. 3. Install all security updates for affected products. 4. Restart the application and system as prompted.
🔧 Temporary Workarounds
Disable 3DM file association
windowsPrevent Autodesk applications from automatically opening 3DM files by changing file associations
Windows: Control Panel > Default Programs > Set Associations > Change .3dm to open with Notepad or another safe viewer
Application control policy
allImplement application whitelisting to prevent unauthorized execution of Autodesk applications
🧯 If You Can't Patch
- Implement strict file validation policies to block untrusted 3DM files at email gateways and network perimeters
- Educate users to never open 3DM files from untrusted sources and to verify file integrity before opening
🔍 How to Verify
Check if Vulnerable:
Check Autodesk application version against affected versions list in the security advisoryCheck Version:
Windows: wmic product where "name like '%Autodesk%'" get name,versionVerify Fix Applied:
Verify installed version is 2024.1.2 or later through the application's About dialog or Autodesk Desktop App📡 Detection & Monitoring
Log Indicators:
- Application crashes in Autodesk software when processing 3DM files
- Unexpected process creation from Autodesk applications
- File access violations in application logs
Network Indicators:
- Outbound connections from Autodesk applications to unexpected destinations
- DNS queries for suspicious domains following file opens
SIEM Query:
source="*autodesk*" AND (event_id=1000 OR event_id=1001) AND message="*access violation*" OR message="*3dm*"