CVE-2024-9500

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Nov 15, 2024

CWE ID 269

Summary

CVE-2024-9500 is a newly disclosed vulnerability affecting Autodesk Installer. Malicious DLL files placed in temporary folders utilized by the installer can exploit insecure privilege management, granting attackers elevated privileges up to NT AUTHORITY/SYSTEM levels. This flaw potentially enables attackers to gain administrative control over affected systems. Users are advised to install patches promptly to mitigate the risk. Autodesk has released a patch to address this vulnerability. Until then, users should be cautious of untrusted DLL files and avoid installing software from unverified sources.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Autodesk

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zLk7eD
https://www.cve.org/CVERecord?id=CVE-2024-9500
https://nvd.nist.gov/vuln/detail/CVE-2024-9500

Back to Vulnerability Database

CVE-2024-9500

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations