ID

VAR-201902-0854


CVE

CVE-2018-20033


TITLE

FlexNet Publisher Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014650

DESCRIPTION

A Remote Code Execution vulnerability in the lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt memory by allocating / deallocating memory, loading lmgrd or the vendor daemon, and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.

FlexNet Publisher contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Schneider Electric Floating License Manager is prone to multiple security vulnerabilities. Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable.

Trust: 1.98

sources: NVD: CVE-2018-20033 // JVNDB: JVNDB-2018-014650 // BID: 109155 // VULMON: CVE-2018-20033

AFFECTED PRODUCTS

vendor: flexera, model: flexnet publisher, scope: lte, version: 11.16.1.0

Trust: 1.8

vendor: oracle, model: communications lsms, scope: gte, version: 13.1

Trust: 1.0

vendor: oracle, model: communications lsms, scope: lte, version: 13.4

Trust: 1.0

vendor: schneider electric, model: floating license manager, scope: eq, version: 1.4

Trust: 0.3

vendor: schneider electric, model: floating license manager, scope: eq, version: 1.3

Trust: 0.3

vendor: schneider electric, model: floating license manager, scope: eq, version: 1.2

Trust: 0.3

vendor: schneider electric, model: floating license manager, scope: eq, version: 1.1

Trust: 0.3

vendor: schneider electric, model: floating license manager, scope: eq, version: 1.0

Trust: 0.3

vendor: schneider electric, model: floating license manager, scope: eq, version: 2.3.0.0

Trust: 0.3

vendor: schneider electric, model: floating license manager, scope: eq, version: 2.2.0.0

Trust: 0.3

vendor: schneider electric, model: floating license manager, scope: ne, version: 2.3.1.0

Trust: 0.3

sources: BID: 109155 // JVNDB: JVNDB-2018-014650 // NVD: CVE-2018-20033

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-20033
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20033
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201902-907
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-20033
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-20033
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2018-20033
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-20033
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2018-20033 // JVNDB: JVNDB-2018-014650 // CNNVD: CNNVD-201902-907 // NVD: CVE-2018-20033

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2018-014650 // NVD: CVE-2018-20033

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-907

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201902-907

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014650

PATCH

title: SA85979, url: https://secuniaresearch.flexerasoftware.com/advisories/85979/

Trust: 0.8

title: Flexera Software FlexNet Publisher lmgrd and vendor daemon Fixes for component security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89642

Trust: 0.6

title: IBM: IBM Security Bulletin: Security vulnerability in FlexNet Publisher affects IBM Rational License Key Server, url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=18a5bc40ab87d26b3b0190a947f7a33f

Trust: 0.1

sources: VULMON: CVE-2018-20033 // JVNDB: JVNDB-2018-014650 // CNNVD: CNNVD-201902-907

EXTERNAL IDS

db: NVD, id: CVE-2018-20033

Trust: 2.8

db: BID, id: 109155

Trust: 2.0

db: SECUNIA, id: 85979

Trust: 1.7

db: ICS CERT, id: ICSA-19-192-07

Trust: 1.7

db: ICS CERT, id: ICSA-19-192-05

Trust: 1.4

db: ICS CERT, id: ICSA-19-323-01

Trust: 1.4

db: JVNDB, id: JVNDB-2018-014650

Trust: 0.8

db: AUSCERT, id: ESB-2019.4384

Trust: 0.6

db: AUSCERT, id: ESB-2019.3621

Trust: 0.6

db: AUSCERT, id: ESB-2019.1146

Trust: 0.6

db: AUSCERT, id: ESB-2019.2582

Trust: 0.6

db: CNNVD, id: CNNVD-201902-907

Trust: 0.6

db: VULMON, id: CVE-2018-20033

Trust: 0.1

sources: VULMON: CVE-2018-20033 // BID: 109155 // JVNDB: JVNDB-2018-014650 // CNNVD: CNNVD-201902-907 // NVD: CVE-2018-20033

REFERENCES

url:http://www.securityfocus.com/bid/109155

Trust: 2.3

url:https://secuniaresearch.flexerasoftware.com/advisories/85979/

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://www.us-cert.gov/ics/advisories/icsa-19-192-07

Trust: 1.7

url:https://www.us-cert.gov/ics/advisories/icsa-19-323-01

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-19-192-05

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-20033

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20033

Trust: 0.8

url:https://support.citrix.com/article/ctx261963

Trust: 0.6

url:http://www.ibm.com/support/docview.wss

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4384/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78450

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10879027

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3621/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2582/

Trust: 0.6

url:www.controlmicrosystems.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=59717

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2018-20033 // BID: 109155 // JVNDB: JVNDB-2018-014650 // CNNVD: CNNVD-201902-907 // NVD: CVE-2018-20033

CREDITS

Schneider Electric

Trust: 0.9

sources: BID: 109155 // CNNVD: CNNVD-201902-907

SOURCES

db: VULMON, id: CVE-2018-20033
db: BID, id: 109155
db: JVNDB, id: JVNDB-2018-014650
db: CNNVD, id: CNNVD-201902-907
db: NVD, id: CVE-2018-20033

LAST UPDATE DATE

2024-11-23T22:06:19.181000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2018-20033, date: 2022-04-18T00:00:00
db: BID, id: 109155, date: 2019-07-11T00:00:00
db: JVNDB, id: JVNDB-2018-014650, date: 2019-11-20T00:00:00
db: CNNVD, id: CNNVD-201902-907, date: 2022-04-19T00:00:00
db: NVD, id: CVE-2018-20033, date: 2024-11-21T04:00:48.007

SOURCES RELEASE DATE

db: VULMON, id: CVE-2018-20033, date: 2019-02-25T00:00:00
db: BID, id: 109155, date: 2019-07-11T00:00:00
db: JVNDB, id: JVNDB-2018-014650, date: 2019-04-01T00:00:00
db: CNNVD, id: CNNVD-201902-907, date: 2019-02-25T00:00:00
db: NVD, id: CVE-2018-20033, date: 2019-02-25T20:29:00.233