QID 591086

Date Published: 2022-10-13

QID 591086: WIBU Systems CodeMeter Runtime Denial of Service (DoS) Vulnerability (WIBU-210910-01)

AFFECTED PRODUCTS
CodeMeter Runtime: All versions prior to Version 7.30a

QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys.

On successful exploitation, a local attacker could cause a Denial of Service by overwriting existing files on the affected system.

CVSS V3 rated as High - 7.1 severity.

CVSS V2 rated as Medium - 3.6 severity.

Solution

The Vendor has provided fix in version 7.30a for updates pertaining the vulnerability.Workaround:
The Vendor has provided the following workarounds:

1. Restrict unprivileged access to machines running the CodeMeter License Server service.
2. Disable the container type Mass Storage in CodeMeter - Set the value of the key HKEY_LOCAL_MACHINE\SOFTWARE\WIBUSYSTEMS\CodeMeter\Server\CurrentVersion\EnabledContainerTypes to 429496729. 3. Restart CodeMeter to apply this change.

Vendor References

WIBU-210910-01 - cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf

CVEs related to QID 591086

CVE-2021-41057 |

Software Advisories

Advisory ID	Software	Component	Link
WIBU-210910-01			cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].