Please see Wibu-Systems Security Advisory WIBU-210910-01 for more information.ĬISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.General security best practices can help protect systems from local and network attacks.įor more information on products dependent on the affected CodeMeter see the following vendor security advisories: Restart CodeMeter to apply this change.Set the value of the key HKEY_LOCAL_MACHINE\SOFTWARE\WIBUSYSTEMS\CodeMeter\Server\CurrentVersion\EnabledContainerTypes” to 4294967294 (0xFFFFFFFE).If there are no CmDongles connected to the affected machine, or if the connected CmDongles are configured as HID, the CodeMeter communication with “Mass Storage” devices can be disabled at the Windows Registry as follows: Disable the container type “Mass Storage” in CodeMeter.Restrict unprivileged access to machines running the CodeMeter License Server service.Please be aware not all mitigations apply to every possible product configuration, so please check which of these could be relevant or applicable. The following measures are recommended to reduce the risk until the fixed version can be installed.
Update to the latest version of the CodeMeter Runtime.Jokūbas Arsoba reported this vulnerability to Wibu-Systems. CRITICAL INFRASTRUCTURE SECTORS: Multiple.A CVSS v3 base score of 7.1 has been assigned the CVSS vector string is ( AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H). This could result in overwriting of essential files or a crash of the CodeMeter Runtime Server.ĬVE-2021-41057 has been assigned to this vulnerability. CodeMeter Runtime: All versions prior to Version 7.30aģ.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269Ī local attacker using the Microsoft Windows OS could cause CodeMeter Runtime to improperly control file access permissions by setting up a link to a special system file used with CmDongles.The following versions of CodeMeter Runtime, a license manger, are affected: Successful exploitation of this vulnerability could allow an attacker to crash the CodeMeter Runtime Server, which could cause a denial-of-service condition. Vulnerability: Improper Privilege Management.""="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App= C:\\Program Files (x86) \\CodeMeter\\Runtime\\bin\\CodeMeter. Noticed in the Registry key a setting needs to be set to “Allow” to enable CA ARD to function it seems. Trying to minimize security risk with ARD installation. Creating desktop package of ARD installation for end users desktop computers.
0 kommentar(er)
