CVE-2020-14517

CWE-326 CWE-327 — Broken Cryptographic Algorithm3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 75.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wibu Codemeter

Timeline

PublishedSep 16

Latest updateMay 24

Description

Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDwibu/codemeter< 6.90

▶CVEListV5codemeterAll versions prior to 6.90, including Version 6.90 or newer only if CodeMeter Runtime is running as server.

🔴Vulnerability Details

GHSA

GHSA-hqvx-g6jw-22pw: Protocol encryption can be easily broken for CodeMeter (All versions prior to 6↗2022-05-24

▶

CVEList

CVE-2020-14517: Protocol encryption can be easily broken for CodeMeter (All versions prior to 6↗2020-09-16

▶