Codemeter
CVE-2020-14513
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
AnalysisAI
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. Affected products include: Wibu Codemeter. Version information: prior to 6.81.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. Rated critical severity (CVSS 9.1),
A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. Rated high severity (CVSS 7.5), thi
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mecha
Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter befor
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packe
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are a
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today