CVE-2020-10056

Summary

A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.

Affected Software

VendorProductVersion RangeStatus
Siemens AGLicense Management Utility (LMU)All versions < V2.4affected

Weaknesses

  • CWE-250: CWE-250: Execution with Unnecessary Privileges

ADP Enrichment

CVE Program Container

Additional References

References