PT-2020-6604 · Wibu Systems · Codemeter

Published

2020-09-16

Updated

2021-11-04

CVE-2020-14517

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CodeMeter versions prior to 6.90 CodeMeter version 6.90 or newer, if CodeMeter Runtime is running as server

Description The issue is related to the use of defective cryptographic algorithms in the CodeMeter software, which can be exploited by an attacker to remotely communicate with the CodeMeter API. This may allow the attacker to execute arbitrary code.

Recommendations For CodeMeter versions prior to 6.90, update to version 6.90 or later to resolve the issue. For CodeMeter version 6.90 or newer, if CodeMeter Runtime is running as server, consider disabling the server functionality to prevent external connections until a patch is available. As a temporary workaround, restrict access to the CodeMeter API to minimize the risk of exploitation.

Fix

Inadequate Encryption Strength

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326CWE-327

Related Identifiers

BDU:2022-00986

CVE-2020-14517

Affected Products

Codemeter

PT-2020-6604 · Wibu Systems · Codemeter

CVE-2020-14517

Weakness Enumeration

Related Identifiers

Affected Products

References · 5