Reprise License Manager 14.2 Remote Binary Execution

2021-12-08T00:00:00

Description

{"id": "PACKETSTORM:165194", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Reprise License Manager 14.2 Remote Binary Execution", "description": "", "published": "2021-12-08T00:00:00", "modified": "2021-12-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html", "reporter": "Andreas Fyhn Andersen, Mark Staal Steenberg, Oliver Lind Nordestgaard, Gionathan Armando Reale, Bilal El Ghoul", "references": [], "cvelist": ["CVE-2018-15573", "CVE-2021-44153"], "immutableFields": [], "lastseen": "2021-12-08T16:07:24", "viewCount": 118, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-15573", "CVE-2021-44153"]}, {"type": "zdt", "idList": ["1337DAY-ID-37112"]}], "rev": 4}, "score": {"value": 6.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2018-15573"]}, {"type": "zdt", "idList": ["1337DAY-ID-37112"]}]}, "exploitation": null, "vulnersScore": 6.7}, "sourceHref": "https://packetstormsecurity.com/files/download/165194/rlm142-exec.txt", "sourceData": "`# Product: Reprise License Manager 14.2 \n# Vendor: Reprise Software \n# CVE ID: CVE-2021-44153 \n# Vulnerability Title: Authenticated Remote Binary Execution \n# Severity: High \n# Author(s): Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard \n# Date: 2021-11-25 \n############################################################# \n \nIntroduction: \n \nWhen editing the license file, it is possible for an admin user to enable an option to run arbitrary executables. \nAn attacker can exploit this to run a malicious binary on startup, or when triggering the \"Reread/Restart Servers\" function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.) \n \nVulnerability: \n \nA license file containing the following, would execute calc.exe as an example of this vulnerability, it is also possible to provide arguments to the executables: \n \nISV demo \"C:\\Windows\\System32\\calc.exe\" \n \nIf CVE-2018-15573 remains unpatched, files could be created on the system and then executed. \n \nRecommendation: \nDon't allow user-specified binaries to be run. Use a allow-list if absolutely required. \n \n`\n", "_state": {"dependencies": 1646172053}}

{"cve": [{"lastseen": "2022-03-23T19:48:57", "description": "An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo \"C:\\Windows\\System32\\calc.exe\" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-13T04:15:00", "type": "cve", "title": "CVE-2021-44153", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15573", "CVE-2021-44153"], "modified": "2021-12-15T15:41:00", "cpe": ["cpe:/a:reprisesoftware:reprise_license_manager:14.2"], "id": "CVE-2021-44153", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44153", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:42:02", "description": "** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated \"We do not consider this a vulnerability.\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-20T02:29:00", "type": "cve", "title": "CVE-2018-15573", "cwe": ["CWE-434"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15573"], "modified": "2021-12-21T14:47:00", "cpe": ["cpe:/a:reprisesoftware:reprise_license_manager:12.2bl2"], "id": "CVE-2018-15573", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15573", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:reprisesoftware:reprise_license_manager:12.2bl2:*:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2021-12-22T15:25:27", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-08T00:00:00", "type": "zdt", "title": "Reprise License Manager 14.2 Remote Binary Execution Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44153", "CVE-2018-15573"], "modified": "2021-12-08T00:00:00", "id": "1337DAY-ID-37112", "href": "https://0day.today/exploit/description/37112", "sourceData": "# Product: Reprise License Manager 14.2\n# Vendor: Reprise Software\n# CVE ID: CVE-2021-44153\n# Vulnerability Title: Authenticated Remote Binary Execution\n# Severity: High\n# Author(s): Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard \n#############################################################\n\nIntroduction:\n\nWhen editing the license file, it is possible for an admin user to enable an option to run arbitrary executables.\nAn attacker can exploit this to run a malicious binary on startup, or when triggering the \"Reread/Restart Servers\" function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)\n\nVulnerability:\n\nA license file containing the following, would execute calc.exe as an example of this vulnerability, it is also possible to provide arguments to the executables:\n\nISV demo \"C:\\Windows\\System32\\calc.exe\"\n\nIf CVE-2018-15573 remains unpatched, files could be created on the system and then executed. \n\nRecommendation:\nDon't allow user-specified binaries to be run. Use a allow-list if absolutely required.\n", "sourceHref": "https://0day.today/exploit/37112", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}

Reprise License Manager 14.2 Remote Binary Execution

Description

Related