CyberSec.Space Logo
Back to CVE Browser

CVE-2019-18232

HIGH
7.8
CVSS Severity Score
EPSS Score0.1040%
EPSS Percentile18.92th
PublishedDec 11, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system.

Affected Platforms (CPE)

📦
Gemalto

Sentinel Ldk License Manager

< 7.101

References & Advisories

🔗 https://www.us-cert.gov/ics/advisories/icsa-19-339-01
🔗 https://www.us-cert.gov/ics/advisories/icsa-19-339-01

Related Vulnerabilities

CVE-2021-329289.8

The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” tha...

CVE-2018-89006.1

The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote atta...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...