ID

VAR-201903-1614


CVE

CVE-2018-20032


TITLE

FlexNet Publisher Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015041

DESCRIPTION

A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. FlexNet Publisher Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable

Trust: 1.89

sources: NVD: CVE-2018-20032 // JVNDB: JVNDB-2018-015041 // BID: 109155

AFFECTED PRODUCTS

vendor:flexeramodel:flexnet publisherscope:lteversion:11.16.1.0

Trust: 1.8

vendor:oraclemodel:communications lsmsscope:gteversion:13.1

Trust: 1.0

vendor:oraclemodel:communications lsmsscope:lteversion:13.4

Trust: 1.0

vendor:schneider electricmodel:floating license managerscope:eqversion:1.4

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.3

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.2

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.1

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:2.3.0.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:2.2.0.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:neversion:2.3.1.0

Trust: 0.3

sources: BID: 109155 // JVNDB: JVNDB-2018-015041 // NVD: CVE-2018-20032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20032
value: HIGH

Trust: 1.0

NVD: CVE-2018-20032
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-820
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-20032
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-20032
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-20032
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-015041 // CNNVD: CNNVD-201903-820 // NVD: CVE-2018-20032

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2018-015041 // NVD: CVE-2018-20032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-820

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-820

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015041

PATCH

title:SA85979url:https://secuniaresearch.flexerasoftware.com/advisories/85979/

Trust: 0.8

title:Flexera Software FlexNet Publisher Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90309

Trust: 0.6

sources: JVNDB: JVNDB-2018-015041 // CNNVD: CNNVD-201903-820

EXTERNAL IDS

db:NVDid:CVE-2018-20032

Trust: 2.7

db:BIDid:109155

Trust: 1.9

db:ICS CERTid:ICSA-19-192-07

Trust: 1.7

db:SECUNIAid:85979

Trust: 1.6

db:ICS CERTid:ICSA-19-323-01

Trust: 1.4

db:ICS CERTid:ICSA-19-192-05

Trust: 1.4

db:JVNDBid:JVNDB-2018-015041

Trust: 0.8

db:AUSCERTid:ESB-2019.4384

Trust: 0.6

db:AUSCERTid:ESB-2019.3621

Trust: 0.6

db:AUSCERTid:ESB-2019.2582

Trust: 0.6

db:CNNVDid:CNNVD-201903-820

Trust: 0.6

sources: BID: 109155 // JVNDB: JVNDB-2018-015041 // CNNVD: CNNVD-201903-820 // NVD: CVE-2018-20032

REFERENCES

url:http://www.securityfocus.com/bid/109155

Trust: 2.2

url:https://www.us-cert.gov/ics/advisories/icsa-19-192-07

Trust: 1.7

url:https://secuniaresearch.flexerasoftware.com/advisories/85979/

Trust: 1.6

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-323-01

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-19-192-05

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-20032

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20032

Trust: 0.8

url:https://support.citrix.com/article/ctx261963

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4384/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3621/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2582/

Trust: 0.6

url:www.controlmicrosystems.com

Trust: 0.3

sources: BID: 109155 // JVNDB: JVNDB-2018-015041 // CNNVD: CNNVD-201903-820 // NVD: CVE-2018-20032

CREDITS

Schneider Electric

Trust: 0.9

sources: BID: 109155 // CNNVD: CNNVD-201903-820

SOURCES

db:BIDid:109155
db:JVNDBid:JVNDB-2018-015041
db:CNNVDid:CNNVD-201903-820
db:NVDid:CVE-2018-20032

LAST UPDATE DATE

2024-11-23T22:06:19.122000+00:00


SOURCES UPDATE DATE

db:BIDid:109155date:2019-07-11T00:00:00
db:JVNDBid:JVNDB-2018-015041date:2019-11-20T00:00:00
db:CNNVDid:CNNVD-201903-820date:2022-04-12T00:00:00
db:NVDid:CVE-2018-20032date:2024-11-21T04:00:47.880

SOURCES RELEASE DATE

db:BIDid:109155date:2019-07-11T00:00:00
db:JVNDBid:JVNDB-2018-015041date:2019-04-22T00:00:00
db:CNNVDid:CNNVD-201903-820date:2019-03-21T00:00:00
db:NVDid:CVE-2018-20032date:2019-03-21T21:29:00.357