CVE-2021-44153

moderate-risk
Published 2021-12-13

An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)

Do I need to act?

-
0.82% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Reprisesoftware

References (4)

Exploit http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-...
Patch https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes
Exploit http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-...
Patch https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes
34
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 3/34 · Minimal
Exposure 5/34 · Minimal