CVE-2024-11422

Name of the Vulnerable Software and Affected Versions Autodesk Navisworks Freedom (affected versions not specified) Autodesk Navisworks Simulate (affected versions not specified) Autodesk Navisworks Manage (affected versions not specified)

Description A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Recommendations For Autodesk Navisworks Freedom, update to the latest version as outlined in the security advisory. For Autodesk Navisworks Simulate, update to the latest version as outlined in the security advisory. For Autodesk Navisworks Manage, update to the latest version as outlined in the security advisory. As a temporary workaround, consider disabling the parsing of DWFX files in Autodesk Navisworks until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using maliciously crafted DWFX files in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.