Flexera CVE-2024-2658
Atempo teams are aware of this CVE which is reported by several scanners to impact the currently used lmgrd version 11.18.3 used by Atempo products to obtain license tokens.
Atempo teams have completed the verifications, and were able to conclude that Atempo products are not impacted by this vulnerability.
CVE-2024-2658 impacts lmadmin.exe which is not packaged into the installer provided by Atempo along with their products.
Excerpt from https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2024-2658-FlexNet-Publisher-potential-local-privilege/ta-p/313003 publication:
Description
A misconfiguration in FlexNet Publisher lmadmin.exe allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.
Categories
- Advisories (17)
- CVE (6)
- Software Alerts (6)
Articles / Posts
- Tomcat CVE-2025-24813
- Flexera CVE-2024-2658
- Curl CVE-2024-7264 vulnerability
- Tenable.sc Report: OpenSSL 3.0.0 < 3.0.15 Vulnerability
- Software Alert – Tina 4.9.1 – VMWare
- Apache CVE-2023-25690 vulnerability
- ADVISORY ID :TINA202301 Impersonation
- Advisory ID : LINA/ADE-2023-0002
- Advisory ID : LINA/ADE-2023-0001
- Software Alert – Tina 4.6.9 – Hyper-V