CVE-2024-8592

7.8 HIGH

📋 TL;DR

A memory corruption vulnerability in Autodesk AutoCAD's CATPART file parser allows attackers to crash the application, leak sensitive data, or execute arbitrary code. This affects AutoCAD users who open malicious CATPART files. The vulnerability requires user interaction to open a crafted file.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
Versions: Multiple versions prior to the patched release
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects AutoCAD installations with CATPART file support enabled; exposure requires the AcTranslators.exe component to be present.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the AutoCAD process, potentially leading to full system compromise.

🟠 Likely Case: Application crash or denial of service when opening malicious files, with potential for data exfiltration.

🟢 If Mitigated: Limited impact if users only open trusted files from verified sources.

🌐 Internet-Facing: LOW - Requires user to download and open malicious file, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via email or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. No public exploit code was available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Autodesk Security Advisory ADSK-SA-2024-0020 for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0020

Restart Required: Yes

Instructions:

1. Open AutoCAD
2. Navigate to Help > About
3. Check for updates or use Autodesk Desktop App
4. Apply available security updates
5. Restart AutoCAD

🔧 Temporary Workarounds

Disable CATPART file association (Windows)

Remove the file type association so AutoCAD does not automatically open CATPART files.

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Remove .CATPart association

User education and file filtering (all platforms)

Train users to open only trusted files and implement email/web filtering for CATPART files.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized AutoCAD execution
  • Use network segmentation to isolate AutoCAD workstations from critical systems

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against affected versions listed in Autodesk advisory

Check Version:

In AutoCAD: Help > About or command line: acad.exe /version

Verify Fix Applied:

Verify AutoCAD version is updated to patched version specified in advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in AutoCAD involving AcTranslators.exe
  • Unexpected opens of CATPART files
  • Memory access violations in application logs

Network Indicators:

  • Downloads of CATPART files from untrusted sources
  • Unusual outbound connections from AutoCAD process

SIEM Query:

source="autocad_logs" AND (event="crash" OR event="memory_violation") AND process="AcTranslators.exe"
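As an added detection example (not part of this advisory or of any Autodesk tooling), the following Python triages Windows "Application Error" (Event ID 1000) crash records and flags crashes of AcTranslators.exe or acad.exe whose exception code is an NTSTATUS value associated with memory corruption. The process names are from this page and the NTSTATUS codes are standard Windows values; the sample event texts are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Standard Windows NTSTATUS codes that point at memory-safety failures.
MEMORY_CORRUPTION_CODES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
# Processes named in the advisory's detection guidance.
WATCHED_PROCESSES = {"actranslators.exe", "acad.exe"}

# Fields of an Event ID 1000 message in the form "Name: value, ...".
_FIELD = re.compile(
    r"^(Faulting application name|Faulting module name|Exception code):\s*([^,\n]+)",
    re.MULTILINE,
)

@dataclass
class CrashFinding:
    process: str
    module: str
    exception_code: int
    reason: str

def parse_event(text: str) -> dict:
    """Extract the fields we care about from one Event ID 1000 message body."""
    return {name: value.strip() for name, value in _FIELD.findall(text)}

def find_suspect_crashes(events: Iterable[str]) -> list[CrashFinding]:
    """Return crashes of watched processes with a memory-corruption exception code."""
    findings = []
    for text in events:
        fields = parse_event(text)
        proc = fields.get("Faulting application name", "").lower()
        try:
            code = int(fields.get("Exception code", "0"), 16)
        except ValueError:
            continue  # malformed record: skip rather than misclassify
        if proc in WATCHED_PROCESSES and code in MEMORY_CORRUPTION_CODES:
            findings.append(CrashFinding(proc, fields.get("Faulting module name", "?"),
                                         code, MEMORY_CORRUPTION_CODES[code]))
    return findings

# Constructed sample records (not real telemetry); versions and offsets are placeholders.
SAMPLE_EVENTS = [
    "Faulting application name: AcTranslators.exe, version: 0.0.0.0, time stamp: 0x00000000\n"
    "Faulting module name: AcTranslators.exe, version: 0.0.0.0\nException code: 0xc0000005\n",
    "Faulting application name: acad.exe, version: 0.0.0.0\n"
    "Faulting module name: ntdll.dll, version: 0.0.0.0\nException code: 0xc0000409\n",
    "Faulting application name: AcTranslators.exe, version: 0.0.0.0\n"
    "Faulting module name: KERNELBASE.dll, version: 0.0.0.0\nException code: 0xe0434352\n",
    "Faulting application name: notepad.exe, version: 0.0.0.0\n"
    "Faulting module name: notepad.exe, version: 0.0.0.0\nException code: 0xc0000005\n",
]

if __name__ == "__main__":
    for finding in find_suspect_crashes(SAMPLE_EVENTS):
        print(f"{finding.process}: {finding.reason} in {finding.module}")
```

Only the first two constructed records are reported: the third is a .NET exception (0xe0434352) rather than a memory-safety fault, and the fourth is a process the advisory does not cover.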
