General security best practices can help protect systems from local and network attacks.įor more information on products dependent on the affected CodeMeter see the following vendor security advisories:
Update to the latest version of the CodeMeter Runtime.Jokūbas Arsoba reported this vulnerability to Wibu-Systems. CRITICAL INFRASTRUCTURE SECTORS: Multiple.A CVSS v3 base score of 7.1 has been assigned the CVSS vector string is ( AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H). This could result in overwriting of essential files or a crash of the CodeMeter Runtime Server.ĬVE-2021-41057 has been assigned to this vulnerability. CodeMeter Runtime: All versions prior to Version 7.30aģ.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269Ī local attacker using the Microsoft Windows OS could cause CodeMeter Runtime to improperly control file access permissions by setting up a link to a special system file used with CmDongles.The following versions of CodeMeter Runtime, a license manger, are affected: Successful exploitation of this vulnerability could allow an attacker to crash the CodeMeter Runtime Server, which could cause a denial-of-service condition. Vulnerability: Improper Privilege Management.
0 kommentar(er)
