CVE-2024-2658

No Score

Description

This vulnerability is due to a misconfiguration in FlexNet Publisher lmadmin.exe allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.

Details

Source: Mitre, NVD

Published: 2024-04-04