License File Signature Vulnerability in CodeMeter by WIBU-SYSTEMS
CVE-2020-14515

7.5HIGH

Key Information:

Vendor: Wibu
Status: Codemeter
Vendor: CVE Published:; 16 September 2020

What is CVE-2020-14515?

The vulnerability in CodeMeter stems from a flaw in the license-file signature checking mechanism, impacting all versions prior to 6.90 when using CmActLicense update files associated with a specific Firm Code. This issue enables attackers to create arbitrary license files, effectively forging valid licenses that could be mistaken for those issued by legitimate vendors. Such exploitation threatens the integrity of licensing controls and could lead to unauthorized software use.

Affected Version(s)

CodeMeter All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code.

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2020
Vulnerability Reserved
Jun 19, 2020

Wibu

What is CVE-2020-14515?

Affected Version(s)

References

CVSS V3.1

Timeline