Sign-up

ID

VAR-201903-1613


CVE

CVE-2018-20034


TITLE

FlexNet Publisher Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015042

DESCRIPTION

A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. FlexNet Publisher Contains an input validation vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable

Trust: 1.89

sources: NVD: CVE-2018-20034 // JVNDB: JVNDB-2018-015042 // BID: 109155

AFFECTED PRODUCTS

vendor:flexeramodel:flexnet publisherscope:lteversion:11.16.1.0

Trust: 1.8

vendor:oraclemodel:communications lsmsscope:lteversion:13.4

Trust: 1.0

vendor:oraclemodel:communications lsmsscope:gteversion:13.1

Trust: 1.0

vendor:schneider electricmodel:floating license managerscope:eqversion:1.4

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.3

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.2

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.1

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:2.3.0.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:2.2.0.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:neversion:2.3.1.0

Trust: 0.3

sources: BID: 109155 // JVNDB: JVNDB-2018-015042 // NVD: CVE-2018-20034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20034
value: HIGH

Trust: 1.0

NVD: CVE-2018-20034
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-821
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-20034
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-20034
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-20034
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-015042 // CNNVD: CNNVD-201903-821 // NVD: CVE-2018-20034

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2018-015042 // NVD: CVE-2018-20034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-821

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-821

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015042

PATCH
title:SA85979url:https://secuniaresearch.flexerasoftware.com/advisories/85979/
Trust: 0.8
title:Flexera Software FlexNet Publisher Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90310
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015042 // 
            
            
            
            CNNVD: CNNVD-201903-821

EXTERNAL IDS
db:NVDid:CVE-2018-20034
Trust: 2.7
db:BIDid:109155
Trust: 1.9
db:ICS CERTid:ICSA-19-192-07
Trust: 1.7
db:SECUNIAid:85979
Trust: 1.6
db:ICS CERTid:ICSA-19-192-05
Trust: 1.4
db:ICS CERTid:ICSA-19-323-01
Trust: 1.4
db:JVNDBid:JVNDB-2018-015042
Trust: 0.8
db:AUSCERTid:ESB-2019.4384
Trust: 0.6
db:AUSCERTid:ESB-2019.3621
Trust: 0.6
db:AUSCERTid:ESB-2019.2582
Trust: 0.6
db:CNNVDid:CNNVD-201903-821
Trust: 0.6
sources:
            
            
            BID: 109155 // 
            
            
            
            JVNDB: JVNDB-2018-015042 // 
            
            
            
            CNNVD: CNNVD-201903-821 // 
            
            
            
            NVD: CVE-2018-20034

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-19-192-07
Trust: 1.7
url:https://secuniaresearch.flexerasoftware.com/advisories/85979/
Trust: 1.6
url:https://www.oracle.com/security-alerts/cpuoct2021.html
Trust: 1.6
url:http://www.securityfocus.com/bid/109155
Trust: 1.6
url:https://www.us-cert.gov/ics/advisories/icsa-19-323-01
Trust: 1.4
url:https://www.us-cert.gov/ics/advisories/icsa-19-192-05
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2018-20034
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20034
Trust: 0.8
url:https://support.citrix.com/article/ctx261963
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4384/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3621/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2582/
Trust: 0.6
url:www.controlmicrosystems.com
Trust: 0.3
sources:
            
            
            BID: 109155 // 
            
            
            
            JVNDB: JVNDB-2018-015042 // 
            
            
            
            CNNVD: CNNVD-201903-821 // 
            
            
            
            NVD: CVE-2018-20034

CREDITS
Schneider Electric
Trust: 0.9
sources:
            
            
            BID: 109155 // 
            
            
            
            CNNVD: CNNVD-201903-821

SOURCES
db:BIDid:109155
db:JVNDBid:JVNDB-2018-015042
db:CNNVDid:CNNVD-201903-821
db:NVDid:CVE-2018-20034

LAST UPDATE DATE
2024-08-14T14:04:30.976000+00:00

SOURCES UPDATE DATE
db:BIDid:109155date:2019-07-11T00:00:00
db:JVNDBid:JVNDB-2018-015042date:2019-11-20T00:00:00
db:CNNVDid:CNNVD-201903-821date:2022-04-12T00:00:00
db:NVDid:CVE-2018-20034date:2022-04-11T20:40:52.313

SOURCES RELEASE DATE
db:BIDid:109155date:2019-07-11T00:00:00
db:JVNDBid:JVNDB-2018-015042date:2019-04-22T00:00:00
db:CNNVDid:CNNVD-201903-821date:2019-03-21T00:00:00
db:NVDid:CVE-2018-20034date:2019-03-21T21:29:00.403