Multiple vulnerabilities in Wibu-Systems CodeMeter



Published: 2020-09-09
Risk High
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2020-14509
CVE-2020-14517
CVE-2020-14519
CWE ID CWE-119
CWE-326
CWE-346
Exploitation vector Network
Public exploit N/A
Vulnerable software
CodeMeter Runtime
Server applications / DLP, anti-spam, sniffers

Vendor Wibu Systems

Security Advisory

1) Buffer overflow

Risk: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-14509

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the packet parser, which does not verify the length fields of incoming packets before using them. A remote attacker can send specially crafted packets, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
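The following is an added illustration of the class of defect described above, not CodeMeter's code: the wire format (2-byte magic, 1-byte type, 2-byte little-endian length, payload), the 32-byte destination buffer and the error codes are all assumptions made for this example. It places the unchecked copy the advisory describes next to a parser that bounds the length field against both the bytes actually received and the destination buffer, and exercises the hardened parser with a crafted packet whose length field disagrees with its real size.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed (not CodeMeter's) wire format: 2-byte magic, 1-byte type,
 * 2-byte little-endian payload length, then `len` payload bytes. */
#define HDR_LEN 5
#define MAGIC0 0xC0
#define MAGIC1 0xDE

struct record {
    uint8_t type;
    uint16_t payload_len;
    char payload[32];          /* fixed-size destination buffer */
};

enum {
    PARSE_OK = 0,
    PARSE_ERR_SHORT = -1,      /* not even a full header */
    PARSE_ERR_MAGIC = -2,
    PARSE_ERR_TRUNC = -3,      /* length field claims more bytes than received */
    PARSE_ERR_TOO_BIG = -4     /* length field exceeds the destination buffer */
};

static uint16_t read_le16(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* The pattern the advisory describes: the length field is trusted. With
 * len = 0xFFFF this reads far past the packet and writes far past
 * out->payload. Shown for contrast only; never call it on hostile input. */
int parse_packet_unchecked(const uint8_t *pkt, struct record *out) {
    uint16_t len = read_le16(pkt + 3);
    out->type = pkt[2];
    memcpy(out->payload, pkt + HDR_LEN, len);   /* no bound on len */
    out->payload_len = len;
    return PARSE_OK;
}

/* Hardened parser: every length is checked against both what was actually
 * received and the size of the destination before any copy happens. */
int parse_packet(const uint8_t *pkt, size_t pkt_len, struct record *out) {
    if (pkt_len < HDR_LEN)
        return PARSE_ERR_SHORT;                 /* must precede pkt_len - HDR_LEN */
    if (pkt[0] != MAGIC0 || pkt[1] != MAGIC1)
        return PARSE_ERR_MAGIC;
    uint16_t len = read_le16(pkt + 3);
    if (len > pkt_len - HDR_LEN)                /* compare sizes, not pointers */
        return PARSE_ERR_TRUNC;
    if (len > sizeof out->payload - 1)          /* leave room for the NUL */
        return PARSE_ERR_TOO_BIG;
    out->type = pkt[2];
    memcpy(out->payload, pkt + HDR_LEN, len);
    out->payload[len] = '\0';
    out->payload_len = len;
    return PARSE_OK;
}

/* Builds a packet whose length field may deliberately disagree with the
 * number of payload bytes actually appended (the attacker's view). */
size_t craft_packet(uint8_t *buf, size_t cap, uint8_t type, uint16_t claimed_len,
                    const uint8_t *payload, size_t actual_len) {
    if (cap < HDR_LEN + actual_len) return 0;
    buf[0] = MAGIC0; buf[1] = MAGIC1; buf[2] = type;
    buf[3] = (uint8_t)(claimed_len & 0xFF);
    buf[4] = (uint8_t)(claimed_len >> 8);
    memcpy(buf + HDR_LEN, payload, actual_len);
    return HDR_LEN + actual_len;
}

/* Constructed scenarios, each returning the hardened parser's verdict. */
int scenario_valid(void) {                              /* claims 10, sends 10 */
    uint8_t buf[128]; struct record r;
    const uint8_t body[] = "license-ok";                /* 10 bytes */
    size_t n = craft_packet(buf, sizeof buf, 1, 10, body, 10);
    return parse_packet(buf, n, &r);
}

int scenario_truncated(void) {                          /* claims 65535, sends 10 */
    uint8_t buf[128]; struct record r;
    const uint8_t body[] = "license-ok";
    size_t n = craft_packet(buf, sizeof buf, 1, 0xFFFF, body, 10);
    return parse_packet(buf, n, &r);
}

int scenario_oversize(void) {                           /* honest 100, payload[32] too small */
    uint8_t buf[128]; struct record r;
    uint8_t body[100]; memset(body, 'A', sizeof body);
    size_t n = craft_packet(buf, sizeof buf, 1, 100, body, 100);
    return parse_packet(buf, n, &r);
}

int main(void) {
    printf("valid:     %d\n", scenario_valid());        /* 0  */
    printf("truncated: %d\n", scenario_truncated());    /* -3 */
    printf("oversize:  %d\n", scenario_oversize());     /* -4 */
    return 0;
}
```

Two details matter in the hardened version: the header-length check comes first, so that pkt_len - HDR_LEN cannot wrap, and the comparison is done on sizes rather than on pointers (pkt + HDR_LEN + len), which can itself overflow for a large length field.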

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CodeMeter Runtime: before 7.10a

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-203-01
https://www.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-200521-03.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Inadequate Encryption Strength

Risk: High

CVSSv3: 8.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-14517

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the protocol encryption can be easily broken and the server accepts external connections. A remote attacker can break the encryption and communicate with the CodeMeter API.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CodeMeter Runtime: before 7.10a

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-203-01
https://www.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-200521-04.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Origin validation error

Risk: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-14519

CWE-ID: CWE-346 - Origin Validation Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the internal WebSockets API does not validate the origin of incoming connections. A remote attacker can trick a user into opening a web page containing specially crafted JavaScript that connects to the internal WebSockets API and, when combined with CVE-2020-14515, alter or create license files.
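As an added example of the missing check (illustrative code, not CodeMeter's implementation), the handshake handler below extracts the Origin header from a WebSocket upgrade request and accepts the connection only if the origin exactly matches an allowlist. The allowlisted origins, the request strings and the port are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed allowlist for this example; a real server would derive it from
 * its own configured listen address. Entries are full origins
 * (scheme://host[:port]) and are compared for exact equality. */
static const char *const ALLOWED_ORIGINS[] = {
    "http://localhost:8080",
    "http://127.0.0.1:8080",
};

/* Case-insensitive prefix compare for header names (HTTP header names are
 * case-insensitive); avoids relying on the POSIX-only strncasecmp. */
static int has_prefix_ci(const char *s, const char *prefix, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '\0' ||
            tolower((unsigned char)s[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    }
    return 1;
}

/* Copies the value of the Origin header from a raw HTTP upgrade request
 * into `out`. Returns 1 if present (non-empty and shorter than cap),
 * 0 otherwise. Stops at the blank line that ends the header block. */
int extract_origin(const char *req, char *out, size_t cap) {
    const char *p = req;
    while (*p) {
        const char *eol = strstr(p, "\r\n");
        size_t linelen = eol ? (size_t)(eol - p) : strlen(p);
        if (linelen == 0) break;                                /* end of headers */
        if (linelen >= 7 && has_prefix_ci(p, "origin:", 7)) {
            const char *v = p + 7, *end = p + linelen;
            while (v < end && (*v == ' ' || *v == '\t')) v++;   /* trim whitespace */
            while (end > v && (end[-1] == ' ' || end[-1] == '\t')) end--;
            size_t n = (size_t)(end - v);
            if (n == 0 || n >= cap) return 0;
            memcpy(out, v, n);
            out[n] = '\0';
            return 1;
        }
        if (!eol) break;
        p = eol + 2;
    }
    return 0;
}

/* Exact-match allowlist check. strcmp, not strncmp/strstr: a prefix or
 * substring match would accept http://localhost:8080.attacker.example. */
int origin_allowed(const char *origin) {
    for (size_t i = 0; i < sizeof ALLOWED_ORIGINS / sizeof ALLOWED_ORIGINS[0]; i++)
        if (strcmp(origin, ALLOWED_ORIGINS[i]) == 0) return 1;
    return 0;
}

/* Decision for a WebSocket handshake: 1 = proceed with the upgrade,
 * 0 = answer 403 and close. A missing Origin is rejected because every
 * browser sends one; "null" (opaque/sandboxed origins) is rejected too. */
int handshake_origin_ok(const char *request) {
    char origin[256];
    if (!extract_origin(request, origin, sizeof origin)) return 0;
    if (strcmp(origin, "null") == 0) return 0;
    return origin_allowed(origin);
}

/* Constructed handshake requests for the demonstration (not captured traffic). */
#define WS_HEAD "GET /api HTTP/1.1\r\nHost: localhost:8080\r\n" \
                "Upgrade: websocket\r\nConnection: Upgrade\r\n"
#define WS_TAIL "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n" \
                "Sec-WebSocket-Version: 13\r\n\r\n"
const char *REQ_LOCAL    = WS_HEAD "Origin: http://localhost:8080\r\n" WS_TAIL;
const char *REQ_CROSS    = WS_HEAD "origin: http://attacker.example\r\n" WS_TAIL;
const char *REQ_PREFIX   = WS_HEAD "Origin: http://localhost:8080.attacker.example\r\n" WS_TAIL;
const char *REQ_NULL     = WS_HEAD "Origin: null\r\n" WS_TAIL;
const char *REQ_NOORIGIN = WS_HEAD WS_TAIL;

int main(void) {
    printf("same-origin page:   %d\n", handshake_origin_ok(REQ_LOCAL));    /* 1 */
    printf("cross-site page:    %d\n", handshake_origin_ok(REQ_CROSS));    /* 0 */
    printf("prefix trick:       %d\n", handshake_origin_ok(REQ_PREFIX));   /* 0 */
    printf("null origin:        %d\n", handshake_origin_ok(REQ_NULL));     /* 0 */
    printf("no Origin header:   %d\n", handshake_origin_ok(REQ_NOORIGIN)); /* 0 */
    return 0;
}
```

The Origin check defends only against the browser-driven scenario this advisory describes (a page the victim visits opening the socket on the attacker's behalf): browsers set Origin and do not let page script override it. Any non-browser client can send whatever Origin it likes, so the check is not a substitute for authenticating callers of the API.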

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CodeMeter Runtime: before 7.10a

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-203-01
https://www.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-200521-02.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


