CVE-2021-44153

Published: 13/12/2021 Updated: 15/12/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

An issue exists in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)

Vulnerable Product

reprisesoftware reprise license manager 14.2

Exploits

Reprise License Manager version 142 suffers from an authenticated remote binary execution vulnerability ...

Mailing Lists

# Product: Reprise License Manager 142
# Vendor: Reprise Software
# CVE ID: CVE-2021-44153
# Vulnerability Title: Authenticated Remote Binary Execution
# Severity: High
# Author(s): Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard
# Date: ...