CVE-2020-10056
09.09.2020, 19:15
A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.Enginsight
| Vendor | Product | Version |
|---|---|---|
| siemens | license_management_utility | 𝑥 < 2.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-250 - Execution with Unnecessary PrivilegesThe software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.