Privilege escalation in Reliable Controls LicenseManager
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-18245 |
| CWE-ID | CWE-428 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
RC-LicenseManager Client/Desktop applications / Other client software |
| Vendor | Reliable Controls |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Unquoted Search Path or Element
EUVDB-ID: #VU23388
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-18245
CWE-ID:
CWE-428 - Unquoted Search Path or Element
Exploit availability: No
DescriptionThe vulnerability exist due to the some services have an unquoted service path. A local user can insert malicious code into the system root path and execute arbitrary code with elevated privileges on the target system.
Install updates from vendor's website.
Vulnerable software versionsRC-LicenseManager: 3.4
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-337-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
