CVE-2019-8960

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.

Se ha identificado una vulnerabilidad de Denegación de Servicio relacionada con el manejo de comandos en lmadmin.exe de FlexNet Publisher versión 11.16.2. La función de lectura de mensajes usada en el archivo lmadmin.exe puede, al recibir un determinado mensaje, llamarse así misma y luego esperar un nuevo mensaje. Con un flag particular establecido en el mensaje original, pero sin recibir un segundo mensaje, la función retorna eventualmente un valor inesperado que conlleva a que una excepción sea arrojada. El resultado final puede ser una finalización del proceso.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-02-20 CVE Reserved
2020-04-21 CVE Published
2023-03-07 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-754: Improper Check for Unusual or Exceptional Conditions

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message	2020-04-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Flexera Search vendor "Flexera"		Flexnet Publisher Search vendor "Flexera" for product "Flexnet Publisher"				11.16.2 Search vendor "Flexera" for product "Flexnet Publisher" and version "11.16.2"		-		Affected