ID

VAR-190001-0356


TITLE

Wibu-Systems CodeMeter License Server Directory Traversal Vulnerability

Trust: 1.7

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c // CNVD: CNVD-2011-3494 // BID: 49437 // CNNVD: CNNVD-201109-016

DESCRIPTION

Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. The Wibu-Systems CodeMeter certificate server listens by default on port 22350, which allows for limited directory traversal attacks in virtual directories. Wibu-Systems CodeMeter is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to download arbitrary files with certain extensions from outside the server root directory. This may aid in further attacks. CodeMeter 4.30c is affected; other versions may also be vulnerable.

Trust: 0.99

sources: CNVD: CNVD-2011-3494 // BID: 49437 // IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c // CNVD: CNVD-2011-3494

AFFECTED PRODUCTS

vendor: wibu, model: codemeter 4.30c, scope: -, version: -

Trust: 1.1

vendor: wibu, model: codemeter 4.30d, scope: ne, version: -

Trust: 0.3

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c // CNVD: CNVD-2011-3494 // BID: 49437

CVSS

SEVERITY

IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c
value: MEDIUM

Trust: 0.2

CVSSV2

IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

CVSSV3

-

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201109-016

TYPE

Path traversal

Trust: 0.8

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c // CNNVD: CNNVD-201109-016

EXTERNAL IDS

db: BID, id: 49437

Trust: 1.5

db: CNVD, id: CNVD-2011-3494

Trust: 0.8

db: CNNVD, id: CNNVD-201109-016

Trust: 0.6

db: IVD, id: 8E1E3A1A-E596-44F1-AAB8-28036106C15C

Trust: 0.2

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c // CNVD: CNVD-2011-3494 // BID: 49437 // CNNVD: CNNVD-201109-016

REFERENCES

url: http://aluigi.altervista.org/adv/codemeter_1-adv.txt

Trust: 0.9

url: http://www.securityfocus.com/bid/49437

Trust: 0.6

url: http://www.wibu.com/en/codemeter.html

Trust: 0.3

sources: CNVD: CNVD-2011-3494 // BID: 49437 // CNNVD: CNNVD-201109-016

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 49437 // CNNVD: CNNVD-201109-016

SOURCES

db: IVD, id: 8e1e3a1a-e596-44f1-aab8-28036106c15c
db: CNVD, id: CNVD-2011-3494
db: BID, id: 49437
db: CNNVD, id: CNNVD-201109-016

LAST UPDATE DATE

2022-05-17T02:06:56.132000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-3494, date: 2011-09-05T00:00:00
db: BID, id: 49437, date: 2011-12-22T18:30:00
db: CNNVD, id: CNNVD-201109-016, date: 2011-09-06T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 8e1e3a1a-e596-44f1-aab8-28036106c15c, date: 2011-09-05T00:00:00
db: CNVD, id: CNVD-2011-3494, date: 2011-09-05T00:00:00
db: BID, id: 49437, date: 2011-09-02T00:00:00
db: CNNVD, id: CNNVD-201109-016, date: 1900-01-01T00:00:00