var-201411-0382
Vulnerability from variot
Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. CodeMeter has a local privilege escalation vulnerability that can be exploited by local attackers to enforce arbitrary code with system privileges. CodeMeter is prone to a local privilege-escalation vulnerability. CodeMeter Weak Service Permissions
Vendor Website : http://www.codemeter.com
INDEX
1. Background
2. Description
3. Affected Products
4. Solution
6. Credit
7. Disclosure Timeline
8. CVE
1. BACKGROUND
CodeMeter from Wibu-Systems provides maximum protection against software piracy and is bundled with multiple open-source products.
2. DESCRIPTION
When the CodeMeter runtime is installed on a Microsoft Windows operating system, it creates a service named "codemeter.exe". When installed with the default settings, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges.
It should be noted that this vulnerability is not present in the most recent version of Codemeter runtime (currently 5.20).
3. AFFECTED PRODUCTS
Only the following versions have been confirmed vulnerable:
CodeMeter Runtime 4.50b
CodeMeter Runtime 4.40
CodeMeter Runtime 4.20b
4. VULNERABILITIES
4.1 codemeter.exe
5. SOLUTION
Vendor contacted and approved for disclosure as most recent version is not vulnerable.
6. CREDIT
This vulnerability was discovered by Andrew Smith and Matt Smith of Sword & Shield Enterprise Security.
7. DISCLOSURE TIMELINE
7-16-2014 - Vulnerability Discovered
8-11-2014 - Vendor Informed
11-20-2014 - Public Disclosure
8. CVE
CVE-2014-8419
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0382",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "wibu",
"version": "5.10c"
},
{
"model": "codemeter runtime",
"scope": "lt",
"trust": 0.8,
"vendor": "wibu",
"version": "5.20"
},
{
"model": "codemeter",
"scope": null,
"trust": 0.6,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter runtime",
"scope": "eq",
"trust": 0.6,
"vendor": "wibu",
"version": "5.10c"
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.3,
"vendor": "wibu",
"version": "4.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codemeter runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "BID",
"id": "71264"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.10c",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8419"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Smith and Matt Smith of Sword \u0026 Shield Enterprise Security",
"sources": [
{
"db": "BID",
"id": "71264"
}
],
"trust": 0.3
},
"cve": "CVE-2014-8419",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-8419",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-08518",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "a04f2417-b6da-40e8-aac7-926846407d0e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8419",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-08518",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-502",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. CodeMeter has a local privilege escalation vulnerability that can be exploited by local attackers to enforce arbitrary code with system privileges. CodeMeter is prone to a local privilege-escalation vulnerability. CodeMeter Weak Service Permissions\n\nVendor Website : http://www.codemeter.com\n\n INDEX\n---------------------------------------\n 1. Background\n 2. Description\n 3. Affected Products\n 4. Solution\n 6. Credit\n 7. Disclosure Timeline\n 8. CVE\n\n1. BACKGROUND\n---------------------------------------\n CodeMeter from Wibu-Systems provides maximum protection against software piracy and is bundled with multiple open-source products. \n\n2. DESCRIPTION\n---------------------------------------\n\n When the CodeMeter runtime is installed on a Microsoft Windows operating system, it creates a service named \"codemeter.exe\". When installed with the default settings, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges. \n\n It should be noted that this vulnerability is not present in the most recent version of Codemeter runtime (currently 5.20). \n\n\n3. AFFECTED PRODUCTS\n---------------------------------------\n Only the following versions have been confirmed vulnerable: \n\n CodeMeter Runtime 4.50b\n CodeMeter Runtime 4.40\n CodeMeter Runtime 4.20b\n\n \n4. VULNERABILITIES\n---------------------------------------\n\n 4.1 codemeter.exe\n\n\n5. SOLUTION\n---------------------------------------\n Vendor contacted and approved for disclosure as most recent version is not vulnerable. \n\n\n6. CREDIT\n---------------------------------------\n This vulnerability was discovered by Andrew Smith and Matt Smith of Sword \u0026 Shield Enterprise Security. \n\n\n7. DISCLOSURE TIMELINE\n---------------------------------------\n 7-16-2014 - Vulnerability Discovered\n 8-11-2014 - Vendor Informed\n 11-20-2014 - Public Disclosure\n\n\n8. CVE\n---------------------------------------\n CVE-2014-8419\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "BID",
"id": "71264"
},
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "PACKETSTORM",
"id": "129234"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8419",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "129234",
"trust": 2.5
},
{
"db": "BID",
"id": "71264",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-08518",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669",
"trust": 0.8
},
{
"db": "IVD",
"id": "A04F2417-B6DA-40E8-AAC7-926846407D0E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "BID",
"id": "71264"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "PACKETSTORM",
"id": "129234"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"id": "VAR-201411-0382",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
}
],
"trust": 1.3009009
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
}
]
},
"last_update_date": "2023-12-18T13:57:42.059000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.wibu.com/en/home.html"
},
{
"title": "Patch for Wibu-Systems CodeMeter Local Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/52128"
},
{
"title": "CodeMeter-5.20.1471-504.i386",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52558"
},
{
"title": "CmRuntimeUser_5.20.1471.504",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52557"
},
{
"title": "CodeMeterRuntime-5.20",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52556"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/129234/codemeter-weak-service-permissions.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/534079/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8419"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8419"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71264"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/534079/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.wibu.com/en/codemeter.html"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/nov/124"
},
{
"trust": 0.1,
"url": "http://www.codemeter.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8419"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "BID",
"id": "71264"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "PACKETSTORM",
"id": "129234"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "BID",
"id": "71264"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "PACKETSTORM",
"id": "129234"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-26T00:00:00",
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"date": "2014-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"date": "2014-11-24T00:00:00",
"db": "BID",
"id": "71264"
},
{
"date": "2014-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"date": "2014-11-24T10:32:22",
"db": "PACKETSTORM",
"id": "129234"
},
{
"date": "2014-11-26T15:59:06.107000",
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"date": "2014-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"date": "2014-11-24T00:00:00",
"db": "BID",
"id": "71264"
},
{
"date": "2014-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"date": "2018-10-09T19:54:15.713000",
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"date": "2014-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "71264"
},
{
"db": "PACKETSTORM",
"id": "129234"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems CodeMeter Local Privilege Escalation Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
],
"trust": 0.6
}
}
Loading...