A newly discovered critical vulnerability, CVE-2024-23122, has been identified in the opennurbs.dll library used by Autodesk AutoCAD. When exploited, it results in an Out-of-Bound Write. The vulnerability is triggered when a maliciously crafted 3DM (Rhino CAD) file is parsed through the vulnerable library. If successfully exploited, an attacker can cause the application to crash, write sensitive data, or execute arbitrary code in the context of the current process. This post explains the possible impact and the required mitigations.

Description

CVE-2024-23122 is a dangerous vulnerability that stems from the opennurbs.dll library when used in Autodesk AutoCAD. This library, which is used for manipulating, reading, and writing 3DM files, does not properly handle the loading of maliciously crafted 3DM files. Specifically, it allows an attacker to force an Out-of-Bound Write during the parsing of these files, which can lead to memory corruption and application crashes as well as more serious consequences such as data leaks and code execution.

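Here is a code snippet showcasing part of the vulnerability:

```c
// Pseudo-code demonstrating the parsing issue
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

void parse_3dm(uint8_t *input_data) {
    // Read the size field from the input file (taken as-is, never validated)
    int32_t data_size = *(int32_t *)(input_data + 4);

    // Allocate the memory based on the data size (return value is not checked)
    uint8_t *buffer = (uint8_t *)malloc(data_size);

    // Copy input data to the allocated buffer (size is not compared with the real input length)
    memcpy(buffer, input_data, data_size);

    // ... (remainder elided in the original)
}
```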

As seen in the code snippet above, the parsing function responsible for reading and handling 3DM files does not properly validate the input data or the size parameter: the size is taken from the file and used directly for allocation and copying. Consequently, an attacker can trigger an Out-of-Bound Write by passing crafted data into the parsing function.
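For contrast, here is a bounds-checked counterpart to the pseudo-code above. It is an added illustration, not code from Autodesk or openNURBS. The size field at offset 4 comes from the pseudo-code; the names `parse_3dm_checked` and `check_sample`, the status enum, the 16 MiB cap and the little-endian encoding of the size field are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum parse_status { PARSE_OK, PARSE_TRUNCATED, PARSE_BAD_SIZE, PARSE_NO_MEMORY };

#define SIZE_FIELD_OFFSET 4u                  /* from the page's pseudo-code */
#define MAX_CHUNK_SIZE (16u * 1024u * 1024u)  /* assumed policy limit */

/* Bounds-checked counterpart of parse_3dm(); caller frees *out on PARSE_OK. */
enum parse_status parse_3dm_checked(const uint8_t *input, size_t input_len,
                                    uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;

    /* The size field itself must lie inside the input before it is read. */
    if (input == NULL || input_len < SIZE_FIELD_OFFSET + 4u)
        return PARSE_TRUNCATED;

    /* Decode as unsigned little-endian (assumed) so no negative size exists. */
    const uint8_t *p = input + SIZE_FIELD_OFFSET;
    uint32_t data_size = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                         (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;

    if (data_size == 0 || data_size > MAX_CHUNK_SIZE)
        return PARSE_BAD_SIZE;      /* length from the file is outside policy */
    if (data_size > input_len)
        return PARSE_TRUNCATED;     /* claims more bytes than were supplied */

    uint8_t *buffer = malloc(data_size);
    if (buffer == NULL)
        return PARSE_NO_MEMORY;

    memcpy(buffer, input, data_size);   /* both sides hold >= data_size bytes */
    *out = buffer;
    *out_len = data_size;
    return PARSE_OK;
}

/* Constructed sample: 16-byte input whose size field claims `claimed` bytes.
   supplied_len must not exceed 16. */
enum parse_status check_sample(uint32_t claimed, size_t supplied_len)
{
    uint8_t sample[16] = {0};
    uint8_t *out;
    size_t out_len;
    for (int i = 0; i < 4; i++)
        sample[SIZE_FIELD_OFFSET + i] = (uint8_t)(claimed >> (8 * i));
    enum parse_status st = parse_3dm_checked(sample, supplied_len, &out, &out_len);
    free(out);
    return st;
}
```

The key difference from the pseudo-code is that the parser receives the real input length and rejects any size field that is zero, above the cap, or larger than the data actually supplied.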

The following links contain essential information regarding the vulnerability, including detailed descriptions, exploit analysis, and POCs (Proof of Concept).

1. CVE-2024-23122 [nvd.nist.gov]
2. [Autodesk AutoCAD opennurbs.dll Out-of-Bound Write Vulnerability [example.com]](https://www.example.com/autodesk-autocad-opennurbs-vulnerability)
3. [CVE-2024-23122 Exploit Analysis and POC [example2.com]](https://www.example2.com/cve-2024-23122-exploit-analysis)

Mitigation

To mitigate this vulnerability and minimize the associated risks, users and administrators should implement the following actions:

1. Use the most up-to-date version of Autodesk AutoCAD. Regularly update the software and apply all available patches to ensure that known vulnerabilities are addressed.
2. Avoid opening or processing 3DM files from untrusted sources. Instruct staff on the risks associated with handling files from unknown or suspicious origins.
3. Implement a robust Intrusion Detection/Prevention System (IDPS), and keep it updated with relevant CVE information. This step will help monitor and filter potentially harmful network traffic targeting the vulnerability.
4. Continuously monitor and analyze logs for any unusual activity that could indicate a potential breach or successful exploitation.

Conclusion

CVE-2024-23122 is a critical vulnerability that highlights the importance of secure coding practices and robust input validation in software libraries. Autodesk AutoCAD users and administrators should take immediate steps to address this vulnerability and follow the recommended mitigations to minimize the risks to their operations.

Timeline

Published on: 02/22/2024 02:15:49 UTC
Last modified on: 03/13/2024 03:15:06 UTC