Vulnerability: Improper Privilege Management.

Successful exploitation of this vulnerability could allow an attacker to crash the CodeMeter Runtime Server, which could cause a denial-of-service condition.

The following versions of CodeMeter Runtime, a license manager, are affected:

CodeMeter Runtime: All versions prior to Version 7.30a

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269

A local attacker using the Microsoft Windows OS could cause CodeMeter Runtime to improperly control file access permissions by setting up a link to a special system file used with CmDongles. This could result in overwriting of essential files or a crash of the CodeMeter Runtime Server.

CVE-2021-41057 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).

CRITICAL INFRASTRUCTURE SECTORS: Multiple.

Jokūbas Arsoba reported this vulnerability to Wibu-Systems.

Update to the latest version of the CodeMeter Runtime. The following measures are recommended to reduce the risk until the fixed version can be installed. Please be aware not all mitigations apply to every possible product configuration, so please check which of these could be relevant or applicable.

Restrict unprivileged access to machines running the CodeMeter License Server service.