CVE-2021-44153 - OpenCVE

An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Reprisesoftware	Reprise License Manager

Configuration 1 [-]

cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html	Exploit Third Party Advisory VDB Entry
https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes	Patch Product Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-13T03:33:19

Updated: 2021-12-13T03:33:19

Reserved: 2021-11-22T00:00:00

Link: CVE-2021-44153

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-12-13T04:15:07.223

Modified: 2021-12-15T15:41:24.567

Link: CVE-2021-44153

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo \"C:\\Windows\\System32\\calc.exe\" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-13T03:33:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44153", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo \"C:\\Windows\\System32\\calc.exe\" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes", "refsource": "MISC", "url": "https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes"}, {"name": "http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44153", "datePublished": "2021-12-13T03:33:19", "dateReserved": "2021-11-22T00:00:00", "dateUpdated": "2021-12-13T03:33:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2:*:*:*:*:*:*:*", "matchCriteriaId": "7398E968-24AF-4006-92A0-B9DDC49EF43D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo \"C:\\Windows\\System32\\calc.exe\" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)"}, {"lang": "es", "value": "Se ha detectado un problema en Reprise RLM versi\u00f3n 14.2. Al editar el archivo de licencia, es posible que un usuario administrador habilite una opci\u00f3n para ejecutar ejecutables arbitrarios, como lo demuestra una entrada de demostraci\u00f3n ISV \"C:\\Windows\\System32\\calc.exe\". Un atacante puede explotar esto para ejecutar un binario malicioso en el inicio, o cuando es activada la funci\u00f3n Reread/Restart Servers en el servidor web. (La explotaci\u00f3n no requiere CVE-2018-15573, porque el archivo de licencia est\u00e1 destinado a ser cambiado en la aplicaci\u00f3n)"}], "id": "CVE-2021-44153", "lastModified": "2021-12-15T15:41:24.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-13T04:15:07.223", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Product", "Vendor Advisory"], "url": "https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}