CVE-2016-10395

low-risk

Published 2017-06-15

In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.

Do I need to act?

-

0.07% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (1)

Flexnet Publisher

Affected Vendors

Flexerasoftware

References (12)

https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01

Permissions Required https://secuniaresearch.flexerasoftware.com/advisories/76368/

https://www.citect.schneider-electric.com/safety-and-security-central/36-securit...

https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/

https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/

https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/

https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01

Permissions Required https://secuniaresearch.flexerasoftware.com/advisories/76368/

https://www.citect.schneider-electric.com/safety-and-security-central/36-securit...

https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/

https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/

https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/

29

/ 100

low-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal