CodeMeter < 5.20 Local Privilege Escalation Vulnerability

High severity, Nessus Plugin ID 81439

Synopsis

A web application on the remote host is affected by a privilege escalation vulnerability.

Description

According to its self-reported version, the CodeMeter WebAdmin server installed on the remote host is a version prior to 5.20a (5.20.1458.500). It is therefore affected by insecure read/write permissions on the 'codemeter.exe' service, which a local attacker can exploit to gain elevated privileges via a trojan horse file.

Solution

Upgrade to CodeMeter 5.20a (5.20.1458.500) or later.

See Also

https://www.wibu.com/support/user/downloads-user-software.html

https://seclists.org/bugtraq/2014/Nov/124

Plugin Details

Severity: High

ID: 81439

File Name: codemeter_webadmin_5_20.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 2/23/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:wibu:codemeter_runtime

Required KB Items: installed_sw/CodeMeter

Exploit Ease: No known exploits are available

Patch Publication Date: 8/15/2014

Vulnerability Publication Date: 11/20/2014

Reference Information

CVE: CVE-2014-8419

BID: 71264