CVE-2019-8960

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:flexera:flexnet_publisher:11.16.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-21 15:15

Updated : 2024-02-04 21:00

NVD link : CVE-2019-8960

Mitre link : CVE-2019-8960

CVE.ORG link : CVE-2019-8960

JSON object : View

Products Affected

flexera

flexnet_publisher

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

{"id": "CVE-2019-8960", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-04-21T15:15:14.397", "references": [{"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de Denegaci\u00f3n de Servicio relacionada con el manejo de comandos en lmadmin.exe de FlexNet Publisher versi\u00f3n 11.16.2. La funci\u00f3n de lectura de mensajes usada en el archivo lmadmin.exe puede, al recibir un determinado mensaje, llamarse as\u00ed misma y luego esperar un nuevo mensaje. Con un flag particular establecido en el mensaje original, pero sin recibir un segundo mensaje, la funci\u00f3n retorna eventualmente un valor inesperado que conlleva a que una excepci\u00f3n sea arrojada. El resultado final puede ser una finalizaci\u00f3n del proceso."}], "lastModified": "2020-04-28T19:42:49.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flexera:flexnet_publisher:11.16.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95A119D7-F1C2-4F65-925F-CF0EF44B58CB"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}