Details of VAR-190001-0356

ID

VAR-190001-0356

TITLE

Wibu-Systems CodeMeter License Server Directory Traversal Vulnerability

Trust: 1.7

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c // CNVD: CNVD-2011-3494 // BID: 49437 // CNNVD: CNNVD-201109-016

DESCRIPTION

Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. The Wibu-Systems CodeMeter certificate server listens by default on port 22350, which allows for limited directory traversal attacks in virtual directories. Wibu-Systems CodeMeter is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to download arbitrary files with certain extensions from outside the server root directory. This may aid in further attacks. CodeMeter 4.30c is affected; other versions may also be vulnerable

Trust: 0.99

sources: CNVD: CNVD-2011-3494 // BID: 49437 // IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c // CNVD: CNVD-2011-3494

AFFECTED PRODUCTS

vendor:	wibu	model:	codemeter 4.30c	scope:	-	version:	-	Trust: 1.1
vendor:	wibu	model:	codemeter 4.30d	scope:	ne	version:	-	Trust: 0.3

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c // CNVD: CNVD-2011-3494 // BID: 49437

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	8e1e3a1a-e596-44f1-aab8-28036106c15c
value:	MEDIUM
Trust: 0.2

IVD:	8e1e3a1a-e596-44f1-aab8-28036106c15c
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201109-016

TYPE

Path traversal

Trust: 0.8

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c // CNNVD: CNNVD-201109-016

EXTERNAL IDS

db:	BID	id:	49437	Trust: 1.5
db:	CNVD	id:	CNVD-2011-3494	Trust: 0.8
db:	CNNVD	id:	CNNVD-201109-016	Trust: 0.6
db:	IVD	id:	8E1E3A1A-E596-44F1-AAB8-28036106C15C	Trust: 0.2

sources: IVD: 8e1e3a1a-e596-44f1-aab8-28036106c15c // CNVD: CNVD-2011-3494 // BID: 49437 // CNNVD: CNNVD-201109-016

REFERENCES

url:	http://aluigi.altervista.org/adv/codemeter_1-adv.txt	Trust: 0.9
url:	http://www.securityfocus.com/bid/49437	Trust: 0.6
url:	http://www.wibu.com/en/codemeter.html	Trust: 0.3

sources: CNVD: CNVD-2011-3494 // BID: 49437 // CNNVD: CNNVD-201109-016

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 49437 // CNNVD: CNNVD-201109-016

SOURCES

db:	IVD	id:	8e1e3a1a-e596-44f1-aab8-28036106c15c
db:	CNVD	id:	CNVD-2011-3494
db:	BID	id:	49437
db:	CNNVD	id:	CNNVD-201109-016

LAST UPDATE DATE

2022-05-17T02:06:56.132000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-3494	date:	2011-09-05T00:00:00
db:	BID	id:	49437	date:	2011-12-22T18:30:00
db:	CNNVD	id:	CNNVD-201109-016	date:	2011-09-06T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	8e1e3a1a-e596-44f1-aab8-28036106c15c	date:	2011-09-05T00:00:00
db:	CNVD	id:	CNVD-2011-3494	date:	2011-09-05T00:00:00
db:	BID	id:	49437	date:	2011-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201109-016	date:	1900-01-01T00:00:00