Summary

A potential vulnerability has been identified in FlexNet Publisher affecting versions prior to 2024 R1 (11.19.6.0). This issue may allow local privilege escalation due to an uncontrolled search path element. We advise customers to upgrade their FlexNet Publisher lmadmin.exe and FlexNet Publisher to version 2024 R1 (11.19.6.0) where this issue has been resolved.

Producers potentially affected by this issue include:

1. Producers using lmadmin.exe prior to version 2024 R1 are affected by this vulnerability.
2. Producers utilizing the vendor daemon with secure communications (TLS communications) enabled prior to FlexNet Publisher version 2024 R1 are affected by this vulnerability.

Description

A misconfiguration in FlexNet Publisher lmadmin.exe allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.

Fix Version and Resolution

This issue is addressed in FlexNet Publisher 2024 R1 (11.19.6.0) release. As a precaution, we strongly advise producers to upgrade to FlexNet Publisher 2024 R1 (11.19.6.0) or later if they are affected. End users can reach out to their providers to ascertain whether they are impacted.

The latest version of the lmadmin can be downloaded from the FlexNet Publisher lmadmin download links page.

Producers can download the latest version of the FlexNet Publisher from the Product and License Center.

Additional Information

CVSS Score / Severity:

• NVD: Score not available
• According to Flexera's Secunia Research criticality rating, the vulnerability has been rated as "Less Critical" (on a scale of "Not", "Less", "Moderately", "Highly", "Extremely"). The CVSS v3.1 base score has been set to 7.8. 
• It is important to note that the CVSS score may not completely represent all aspects of a vulnerability and its exploitation. Even minor vulnerabilities may end up receiving a relatively high score.
• For reference, please see the knowledge base article that clarifies the differences between Flexera's Secunia Research criticality rating and the CVSS rating: https://community.flexera.com/s/article/comparison-of-vulnerability-ratings-produced-using-the-cvss-scores-and-the-criticality-ratings-assigned-by-secunia-research

Link to CVE:

• https://www.cve.org/CVERecord?id=CVE-2024-2658
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2658

Credit:

For identifying this issue and disclosing it to Revenera PSIRT under the responsible disclosure process, we'd like to credit Xavier DANEST working with Trend Micro Zero Day Initiative.