FlexNet Publisher Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Vulnerability

A local privilege escalation vulnerability has been identified in FlexNet Publisher versions prior to 2024 R1 (11.19.6.0). The issue arises from a misconfiguration in lmadmin.exe, which allows the OpenSSL configuration file to be loaded from a non-existent directory. An unauthorized, locally authenticated user with low privileges could potentially create the directory and load a specially crafted openssl.conf file, leading to the execution of a malicious DLL with elevated privileges.

Impact

Exploitation of this vulnerability could allow local attackers to escalate privileges and execute arbitrary code in the context of the service account.

Remediation

Flexera Software has released an update to address this vulnerability. Users can refer to the FlexNet Publisher Knowledge Base for more details.
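The condition described under Vulnerability (a privileged process reading its OpenSSL configuration from a directory that does not exist and that a low-privileged user can create) can be audited on a host with the following PowerShell. This is an added example, not code from Flexera or from this advisory; the advisory does not state the directory, so `$CandidateDir` is a placeholder and the function names are hypothetical.

```powershell
# Added example: can a broad, low-privileged group create (or write into) a
# directory that a privileged service loads its OpenSSL configuration from?
param(
    [string]$CandidateDir = 'C:\placeholder\ssl'   # placeholder, not from the advisory
)

# Well-known SIDs of groups that contain ordinary local users.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# CreateFiles (0x2) | CreateDirectories (0x4) | GENERIC_WRITE | GENERIC_ALL
$createMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function Get-NearestExistingAncestor([string]$Path) {
    # Walk up until a folder exists; its ACL decides who may create the rest.
    $p = [System.IO.Path]::GetFullPath($Path)
    while ($p -and -not (Test-Path -LiteralPath $p -PathType Container)) {
        $p = [System.IO.Path]::GetDirectoryName($p)   # $null once past the root
    }
    return $p
}

function Test-CreatableByLowPriv([string]$Path) {
    $anchor = Get-NearestExistingAncestor $Path
    if (-not $anchor) { throw "No existing ancestor found for $Path" }
    $acl   = Get-Acl -LiteralPath $anchor
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $hits = foreach ($ace in $rules) {
        # Inherit-only ACEs apply to children, not to the folder being checked.
        $inheritOnly = ([int]$ace.PropagationFlags -band 2) -ne 0
        if ($ace.AccessControlType -ne 'Allow' -or $inheritOnly) { continue }
        $name = $broadSids[$ace.IdentityReference.Value]
        if ($name -and (([int]$ace.FileSystemRights -band $createMask) -ne 0)) {
            [pscustomobject]@{ Principal = $name; Rights = $ace.FileSystemRights }
        }
    }
    [pscustomobject]@{
        Path          = $Path
        Exists        = Test-Path -LiteralPath $Path
        CheckedFolder = $anchor          # folder whose ACL was evaluated
        WritableBy    = @($hits)         # empty means no broad group can create here
    }
}

Test-CreatableByLowPriv $CandidateDir | Format-List
```

A non-empty `WritableBy` together with `Exists : False` matches the condition in the advisory. The check looks only at Allow entries for the listed groups, so Deny entries and other group memberships still need a manual review.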

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 7.5
exploitability: 3.5
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.