CVE-2024-37002

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious MODEL files in affected Autodesk applications. It affects users of Autodesk software that uses the vulnerable ASMkern229A.dll library. The exploit leverages uninitialized variables to achieve code execution in the current process.

💻 Affected Systems

Products:
  • Autodesk applications using ASMkern229A.dll
Versions: Specific versions listed in Autodesk advisory ADSK-SA-2024-0009
Operating Systems: Windows, macOS, Linux where applicable
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open malicious MODEL files. All default configurations of affected Autodesk products are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation or malware execution when users open malicious MODEL files, potentially leading to data exfiltration or system disruption.

🟢 If Mitigated

Limited impact with proper application whitelisting and user training preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions specified in Autodesk advisory ADSK-SA-2024-0009

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

Restart Required: Yes

Instructions:

1. Review Autodesk advisory ADSK-SA-2024-0009.
2. Identify affected products and versions.
3. Download and install the latest security updates from Autodesk.
4. Restart affected applications and systems.

🔧 Temporary Workarounds

Restrict MODEL file execution (Windows)

Block execution of MODEL files from untrusted sources using application control policies.

Use Windows AppLocker or similar to block .model files from untrusted locations

User awareness training (all platforms)

Train users to avoid opening MODEL files from unknown or untrusted sources.

🧯 If You Can't Patch

  • Implement strict application whitelisting to prevent execution of unauthorized files
  • Use network segmentation to isolate Autodesk workstations from critical systems

🔍 How to Verify

Check if Vulnerable:

Check if ASMkern229A.dll version matches vulnerable versions listed in Autodesk advisory

Check Version:

On Windows: wmic datafile where name='C:\\Path\\To\\ASMkern229A.dll' get version

Verify Fix Applied:

Verify ASMkern229A.dll has been updated to patched version and check Autodesk application version against patched versions
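
The version check above as a PowerShell inventory, added here as an example (it is not part of the original page or of Autodesk's tooling). It finds every copy of ASMkern229A.dll and compares its file version with a patched version you supply from advisory ADSK-SA-2024-0009. The parameter names, the default search roots, and the "at or above the patched version" comparison are assumptions. Requires PowerShell 5 or later.

```powershell
# Added example: inventory ASMkern229A.dll copies and compare file versions
# against the patched build listed in advisory ADSK-SA-2024-0009.
param(
    # Patched DLL version from the advisory; supplied by the caller, none is assumed here.
    [Parameter(Mandatory)]
    [version]$MinPatchedVersion,

    # Assumed default install roots; pass custom install paths if yours differ.
    [string[]]$SearchRoot = @(
        "$env:ProgramFiles\Autodesk",
        "${env:ProgramFiles(x86)}\Autodesk",
        "$env:CommonProgramFiles\Autodesk Shared"
    )
)

# Keep only the roots that exist on this host.
$roots = $SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$found = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter 'ASMkern229A.dll' -Recurse -File -ErrorAction SilentlyContinue
}

$report = foreach ($dll in $found) {
    $vi = $dll.VersionInfo
    # Build the version from the numeric fields; the FileVersion string may contain free text.
    $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    [pscustomobject]@{
        Path        = $dll.FullName
        FileVersion = $ver
        Status      = if ($ver -ge $MinPatchedVersion) { 'Patched' } else { 'NeedsUpdate' }
    }
}

if (-not $report) {
    Write-Warning "No copy of ASMkern229A.dll found under: $($roots -join ', ')"
}
$report | Sort-Object Status, Path | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a deployment tool flag hosts that still need the update.
if ($report.Status -contains 'NeedsUpdate') { exit 1 }
```

Several products can ship their own copy of the DLL, so a host counts as fixed only when every row reports Patched.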

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Autodesk applications
  • Failed attempts to load MODEL files
  • Crash reports from ASMkern229A.dll

Network Indicators:

  • Unexpected outbound connections from Autodesk applications
  • Downloads of MODEL files from suspicious sources

SIEM Query:

Process creation where parent process contains 'autodesk' AND command line contains '.model'
