CVE-2024-9489

7.8 HIGH

📋 TL;DR

A memory corruption flaw in AutoCAD's DWG file parser can be triggered by tricking a user into opening a malicious DWG file. Successful exploitation could lead to arbitrary code execution, data theft, or system crashes. All AutoCAD users who open untrusted DWG files are affected.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
Versions: Specific versions not detailed in advisory, but all versions before the patch are likely affected
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the DWG file parsing component of AutoCAD. All installations that process DWG files are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the same privileges as the AutoCAD process, potentially leading to full system compromise.

🟠 Likely Case: Application crash or limited data exposure when users open malicious files from untrusted sources.

🟢 If Mitigated: No impact if users only open trusted DWG files and have proper security controls.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but could be delivered via email or web downloads.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files from compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious DWG file. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Autodesk Security Advisory ADSK-SA-2024-0021 for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021

Restart Required: Yes

Instructions:

1. Open AutoCAD.
2. Navigate to Help > About.
3. Check for updates.
4. Download and install the latest security update from Autodesk.
5. Restart AutoCAD.

🔧 Temporary Workarounds

Disable automatic DWG file opening (platform: windows)

Prevent AutoCAD from automatically opening DWG files from untrusted sources.

Use file type restrictions (platform: all)

Configure the system so that only trusted DWG files are opened with AutoCAD.

🧯 If You Can't Patch

  • Implement strict file handling policies to only open DWG files from trusted sources
  • Use application whitelisting to restrict AutoCAD execution to specific users and systems

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against patched versions listed in Autodesk Security Advisory ADSK-SA-2024-0021

Check Version:

In AutoCAD: Help > About, or on command line: acad.exe /version

Verify Fix Applied:

Verify AutoCAD version is updated to the patched version specified in the advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in AutoCAD with memory access violations
  • Unexpected process termination of acad.exe

Network Indicators:

  • Unusual network connections originating from AutoCAD process
  • Downloads of DWG files from untrusted sources

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="acad.exe" AND ExceptionCode="0xc0000005"
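The crash indicators above are easy to hunt for outside a SIEM as well. The following is an added example, not code from the original page or from Autodesk: it applies the same logic as the SIEM query (Event ID 1000 or 1001, faulting process acad.exe, exception code 0xc0000005) to Windows Application log records exported as dicts, then groups the hits per host so that a single crash (usually noise) can be told apart from a cluster on one workstation. The field names EventID, TimeCreated, Computer, ProcessName, ExceptionCode and FaultingModule are assumptions about the export schema, and the sample records are constructed.

```python
"""Detection helper for the advisory's log indicators (added example).

Illustrative code, not from the original page or from Autodesk. It assumes
Windows Application log events have already been exported to dicts with
the field names EventID, TimeCreated, Computer, ProcessName,
ExceptionCode and FaultingModule (an assumption; adjust to your SIEM's
schema). The sample records at the bottom are constructed.
"""
from dataclasses import dataclass
from typing import Iterable

# Event IDs named in the page's SIEM query:
# 1000 = Application Error, 1001 = Windows Error Reporting.
CRASH_EVENT_IDS = {1000, 1001}
TARGET_PROCESS = "acad.exe"
ACCESS_VIOLATION = "0xc0000005"  # STATUS_ACCESS_VIOLATION


@dataclass
class CrashHit:
    timestamp: str
    host: str
    event_id: int
    faulting_module: str


def matches_indicator(record: dict) -> bool:
    """Same logic as the SIEM query, with the OR grouped explicitly:
    (EventID=1000 OR EventID=1001) AND acad.exe AND 0xc0000005.
    Comparisons are case-insensitive because log sources differ."""
    return (
        record.get("EventID") in CRASH_EVENT_IDS
        and str(record.get("ProcessName", "")).lower() == TARGET_PROCESS
        and str(record.get("ExceptionCode", "")).lower() == ACCESS_VIOLATION
    )


def find_crash_hits(records: Iterable[dict]) -> list[CrashHit]:
    """Return one CrashHit per record that matches the indicator."""
    return [
        CrashHit(
            timestamp=r.get("TimeCreated", ""),
            host=r.get("Computer", "unknown"),
            event_id=r["EventID"],
            faulting_module=r.get("FaultingModule", "unknown"),
        )
        for r in records
        if matches_indicator(r)
    ]


def repeat_offenders(hits: Iterable[CrashHit], threshold: int = 2) -> dict[str, int]:
    """Count hits per host. One crash is usually noise; several on the same
    workstation are worth pulling the DWG files it recently opened."""
    counts: dict[str, int] = {}
    for hit in hits:
        counts[hit.host] = counts.get(hit.host, 0) + 1
    return {host: n for host, n in counts.items() if n >= threshold}


# Constructed sample records, not real telemetry. Module names are placeholders.
SAMPLE_RECORDS = [
    {"TimeCreated": "2024-10-07T09:12:01", "Computer": "CAD-WS01", "EventID": 1000,
     "ProcessName": "acad.exe", "ExceptionCode": "0xc0000005", "FaultingModule": "sample_module.dll"},
    {"TimeCreated": "2024-10-07T09:12:03", "Computer": "CAD-WS01", "EventID": 1001,
     "ProcessName": "acad.exe", "ExceptionCode": "0xc0000005", "FaultingModule": "sample_module.dll"},
    # Different exception code: not the indicator from the page.
    {"TimeCreated": "2024-10-07T10:40:55", "Computer": "CAD-WS02", "EventID": 1000,
     "ProcessName": "acad.exe", "ExceptionCode": "0xc0000409", "FaultingModule": "sample_module.dll"},
    # Right exception code, wrong process.
    {"TimeCreated": "2024-10-07T11:02:17", "Computer": "CAD-WS03", "EventID": 1000,
     "ProcessName": "excel.exe", "ExceptionCode": "0xc0000005", "FaultingModule": "ntdll.dll"},
    # Application hang (1002), not a crash event.
    {"TimeCreated": "2024-10-07T11:30:00", "Computer": "CAD-WS02", "EventID": 1002,
     "ProcessName": "acad.exe"},
    # Upper-case values from a different log source still match.
    {"TimeCreated": "2024-10-07T13:15:44", "Computer": "CAD-WS04", "EventID": 1000,
     "ProcessName": "ACAD.EXE", "ExceptionCode": "0xC0000005"},
]

if __name__ == "__main__":
    hits = find_crash_hits(SAMPLE_RECORDS)
    for h in hits:
        print(f"{h.timestamp} {h.host} event {h.event_id} module {h.faulting_module}")
    print("repeat offenders:", repeat_offenders(hits))
```

Run against the constructed records, the script reports three hits (two on CAD-WS01, one on CAD-WS04) and flags CAD-WS01 as a repeat offender; the 0xc0000409 crash, the excel.exe crash and the hang event are correctly ignored. The faulting module is carried along because a crash inside the DWG parsing component is far more interesting than one in an unrelated plug-in.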
