Codemeter
CVE-2020-14517
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
AnalysisAI
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-326. Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. Affected products include: Wibu Codemeter. Version information: prior to 6.90.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. Rated critical severity (CVSS 9.1),
A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. Rated high severity (CVSS 7.5), thi
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mecha
Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter befor
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packe
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are a
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted licen
Same weakness CWE-326 – Inadequate Encryption Strength
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today