- #Wibu codemeter user runtime application update
- #Wibu codemeter user runtime application verification
- #Wibu codemeter user runtime application software
- #Wibu codemeter user runtime application license
4.2.6 IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404Īn attacker could send a specially crafted packet that could have the server send back packets containing data from the heap.ĬVE-2020-16233 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated the CVSS vector string is ( AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H).
#Wibu codemeter user runtime application update
Only CmActLicense update files with CmActLicense Firm Code are affected.ĬVE-2020-14515 has been assigned to this vulnerability.
#Wibu codemeter user runtime application license
There is an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor.
#Wibu codemeter user runtime application verification
4.2.5 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347 A CVSS v3 base score of 7.5 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
#Wibu codemeter user runtime application software
4.2.4 IMPROPER INPUT VALIDATION CWE-20ĬodeMeter and the software using it may crash while processing a specifically crafted license file due to unverified length fields.ĬVE-2020-14513 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H). This vulnerability allows an attacker to use the internal WebSockets API via a specifically crafted Java Script payload, which may allow alteration or creation of license files when combined with CVE-2020-14515.ĬVE-2020-14519 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H). Protocol encryption can be easily broken and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.ĬVE-2020-14517 has been assigned to this vulnerability. 4.2.2 INADEQUATE ENCRYPTION STRENGTH CWE-326
A CVSS v3 base score of 10.0 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). An attacker could send specially crafted packets to exploit these vulnerabilities.ĬVE-2020-14509 has been assigned to this vulnerability. Multiple memory corruption vulnerabilities exist where the packet parser mechanism does not verify length fields. 4.2 VULNERABILITY OVERVIEW 4.2.1 BUFFER ACCESS WITH INCORRECT LENGTH VALUE CWE-805 As new instances are discovered/reported, they will be added to this list of affected products. This license manager is used in products by many different vendors.
All versions prior to 6.81 are affected by CVE-2020-14513.All versions prior to 7.10 are affected by CVE-2020-16233.All versions prior to 7.10a are affected by CVE-2020-14517.The following versions of CodeMeter Runtime, a license manager, are affected: Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter. This updated advisory is a follow-up to the advisory update titled ICSA-20-203-01 Wibu-Systems CodeMeter (Update D) that was published December 3, 2020, to the ICS webpage on. Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release.ATTENTION: Exploitable remotely/low skill level to exploit.
0 kommentar(er)
