CVE-2018-20033
CVE-2018-20033 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. EPSS estimates a 3.67% chance of exploitation in the next 30 days.
Description
A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Flexera | FlexNet Publisher | <= 11.16.1.0 |
| Oracle | Communications LSMS | >= 13.1, <= 13.4 |
References
- http://www.securityfocus.com/bid/109155 (Broken Link)
- https://secuniaresearch.flexerasoftware.com/advisories/85979/ (Not Applicable, Vendor Advisory)
- https://www.oracle.com/security-alerts/cpuoct2021.html (Patch, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
