
CVE-2024-2658: FlexNet Publisher potential local privilege escalation issue

Summary

A potential vulnerability has been identified in FlexNet Publisher affecting versions prior to 2024 R1 (11.19.6.0). This issue may allow local privilege escalation due to an uncontrolled search path element. We advise customers to upgrade their FlexNet Publisher lmadmin.exe to version 2024 R1 (11.19.6.0) where this issue has been resolved.

Description

A misconfiguration in FlexNet Publisher lmadmin.exe allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.
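The precondition described above (a configuration directory that does not exist and that a low-privileged user can create) can be audited on the license-server host. The PowerShell below is an added example, not part of the advisory or Revenera's tooling. The directory path is a placeholder because the advisory does not name it, and the helper function names are hypothetical.

```powershell
# Added example: is the OpenSSL configuration directory missing, and could a
# low-privileged user create it (or drop files into it)?
param(
    # Placeholder (assumption): the advisory does not name the directory.
    [string]$ConfigDir = 'C:\PLACEHOLDER\openssl-config-dir'
)

# Well-known SIDs of broad, low-privileged groups.
$LowPrivSids = @(
    'S-1-1-0'        # Everyone
    'S-1-5-11'       # Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
)
# Rights that allow adding a subdirectory or a file to a directory.
$CreateRights = [int][System.Security.AccessControl.FileSystemRights]'CreateDirectories, CreateFiles'
$InheritOnly  = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Hypothetical helper: walk up until a directory that exists is found.
function Get-NearestExistingAncestor([string]$Path) {
    $p = $Path
    while ($p -and -not (Test-Path -LiteralPath $p -PathType Container)) {
        $p = Split-Path -Path $p -Parent
    }
    $p
}

# Hypothetical helper: Allow ACEs that apply to $Dir itself and grant create
# rights to a low-privileged group. Deny ACEs and generic-rights ACEs are not
# evaluated, so treat a clean result as "no obvious grant", not proof.
function Get-LowPrivCreateAce([string]$Dir) {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($r in (Get-Acl -LiteralPath $Dir).GetAccessRules($true, $true, $sidType)) {
        if ($r.AccessControlType -eq 'Allow' -and
            $LowPrivSids -contains $r.IdentityReference.Value -and
            (([int]$r.PropagationFlags -band $InheritOnly) -eq 0) -and
            (([int]$r.FileSystemRights -band $CreateRights) -ne 0)) { $r }
    }
}

$exists = Test-Path -LiteralPath $ConfigDir -PathType Container
$target = if ($exists) { $ConfigDir } else { Get-NearestExistingAncestor $ConfigDir }
$aces   = @(if ($target) { Get-LowPrivCreateAce $target })

[pscustomobject]@{
    ConfigDir        = $ConfigDir
    Exists           = $exists
    CheckedDirectory = $target
    LowPrivCanCreate = ($aces.Count -gt 0)
    GrantedTo        = ($aces | ForEach-Object { $_.IdentityReference.Value }) -join ', '
}
```

A result with `Exists = False` and `LowPrivCanCreate = True` means the nearest existing parent lets ordinary users create the missing directory, which is the condition the description relies on.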

Fix Version and Resolution

This issue is addressed in the FlexNet Publisher 2024 R1 (11.19.6.0) release. As a precaution, we strongly advise users to upgrade to FlexNet Publisher 2024 R1 (11.19.6.0) or later.

The latest version of lmadmin can be downloaded from the FlexNet Publisher lmadmin download links page.

Additional Information

Link to CVE: 

Credit:

For identifying this issue and disclosing it to Revenera PSIRT under the responsible disclosure process, we'd like to credit Xavier DANEST working with Trend Micro Zero Day Initiative.

Last update: Mar 22, 2024 01:09 PM