CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-18232

HIGH
7.8
CVSS Severity Score
EPSS Score0.1040%
EPSS Percentile18.92th
Published2019年12月11日
Last Modified2024年11月21日

Vulnerability Description

SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system.

Affected Platforms (CPE)

📦
Gemalto

Sentinel Ldk License Manager

< 7.101

References & Advisories

🔗 https://www.us-cert.gov/ics/advisories/icsa-19-339-01
🔗 https://www.us-cert.gov/ics/advisories/icsa-19-339-01

関連する脆弱性情報

CVE-2021-329289.8

The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” tha...

CVE-2018-89006.1

The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote atta...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...