CVE-2024-2658 in FlexNet Publisher

Summary

by MITRE • 01/30/2025

A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.


Analysis

by VulDB Data Team • 01/31/2025

The vulnerability identified as CVE-2024-2658 represents a critical misconfiguration flaw within the FlexNet Publisher software ecosystem, specifically affecting the lmadmin.exe utility in versions prior to 2024 R1. This issue stems from improper handling of OpenSSL configuration file paths, creating an attack surface where malicious actors can manipulate the software's cryptographic initialization process. The vulnerability is particularly concerning because it leverages a privilege escalation vector through a local authenticated user with low privileges, making it accessible to individuals who may not have elevated system access initially.

The technical exploitation mechanism involves a directory traversal and file loading vulnerability in which the lmadmin.exe process attempts to load an openssl.conf configuration file from a predetermined path that may not exist. This misconfiguration creates a window of opportunity for attackers to create the expected directory structure and place a malicious openssl.conf file that references a specially crafted DLL. The flaw is classified under CWE-22 as a path traversal vulnerability, specifically allowing an attacker to manipulate file paths to load unintended resources. When the system processes this crafted configuration, it executes the malicious DLL with the privileges of the lmadmin.exe process, which typically runs with elevated permissions due to its administrative nature.

The operational impact of this vulnerability extends beyond simple privilege escalation, as it provides a persistent attack vector that can be leveraged for further system compromise. An attacker who successfully exploits this vulnerability gains the ability to execute arbitrary code with elevated privileges, potentially allowing for complete system compromise. This scenario aligns with ATT&CK technique T1068, which describes privilege escalation through local exploitation of software vulnerabilities. The vulnerability's exploitation requires only local access and low-privilege authentication, making it particularly dangerous in environments where local accounts may be less rigorously controlled than network-based credentials.

Security professionals should implement immediate mitigations including updating to FlexNet Publisher 2024 R1 or later versions where this misconfiguration has been resolved. Organizations should also conduct thorough audits of their FlexNet Publisher installations to identify any systems running vulnerable versions. Network segmentation and access controls should be reviewed to limit local authentication capabilities where possible, while monitoring should be implemented to detect unusual directory creation patterns or file modifications in system directories. The vulnerability demonstrates the importance of proper input validation and secure configuration management in system administration tools, particularly those that handle cryptographic operations. Additionally, regular security assessments of third-party software components should include verification of configuration file handling and path resolution mechanisms to prevent similar misconfigurations that could lead to privilege escalation attacks.
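One way to carry out the audit described above, as an added example that is not code from VulDB or the vendor: it walks up from a missing configuration directory to the nearest folder that exists and flags `icacls` entries there that let low-privileged groups create a subdirectory. The path `C:\build\ssl` and the `icacls` text are constructed placeholders, since the page does not state the real path.

```python
import ntpath
import re

# Groups that every locally authenticated, low-privileged account belongs to.
LOW_PRIV = ("everyone", "builtin\\users", "nt authority\\authenticated users",
            "nt authority\\interactive")
# icacls rights that allow creating a subdirectory in the folder they apply to.
CAN_CREATE_DIR = {"F", "M", "W", "AD", "GW", "GA"}

# Constructed sample data: a placeholder config directory (not the product's
# real path) and icacls text modelled on a typical drive-root ACL.
CONFIG_DIR = r"C:\build\ssl"
EXISTING = {"C:\\"}
SAMPLE_ICACLS = r"""C:\ BUILTIN\Administrators:(OI)(CI)(F)
    NT AUTHORITY\SYSTEM:(OI)(CI)(F)
    BUILTIN\Users:(OI)(CI)(RX)
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
    NT AUTHORITY\Authenticated Users:(AD)
"""

def nearest_existing_ancestor(path, exists):
    """Walk up from a possibly missing Windows path to the first folder that exists."""
    current = ntpath.normpath(path)
    while not exists(current):
        parent = ntpath.dirname(current)
        if parent == current:  # reached the drive root, stop
            break
        current = parent
    return current

def low_priv_creators(icacls_output):
    """Return (principal, rights) pairs that let low-privileged users create a
    subdirectory in the folder itself. Deny entries are not modelled, so a hit
    means 'review this folder', not proof of exposure."""
    hits = []
    for line in icacls_output.splitlines():
        for principal in LOW_PRIV:
            m = re.search(re.escape(principal) + r":((?:\([a-z,]+\))+)\s*$", line.lower())
            if not m:
                continue
            flags = {f.upper() for group in re.findall(r"\(([a-z,]+)\)", m.group(1))
                     for f in group.split(",")}
            if flags & {"IO", "DENY", "N"}:  # inherit-only, or not an allow entry
                continue
            granted = sorted(flags & CAN_CREATE_DIR)
            if granted:
                hits.append((principal, granted))
    return hits

if __name__ == "__main__":
    print(nearest_existing_ancestor(CONFIG_DIR, lambda p: p in EXISTING))
    print(low_priv_creators(SAMPLE_ICACLS))
```

On a real host, pass `os.path.exists` as `exists` and feed the function the output of `icacls` run against the folder it returns.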

Reservation

03/19/2024

Disclosure

01/30/2025

Moderation

accepted

CPE

ready

EPSS

0.00419

KEV

no

Activities

very low
