Authored by Andreas Fyhn Andersen, Mark Staal Steenberg, Oliver Lind Nordestgaard, Gionathan Armando Reale, Bilal El Ghoul

Reprise License Manager version 14.2 suffers from an authenticated remote binary execution vulnerability.

advisories | CVE-2021-44153

# Product:  Reprise License Manager 14.2
# Vendor: Reprise Software
# CVE ID: CVE-2021-44153
# Vulnerability Title: Authenticated Remote Binary Execution
# Severity: High
# Author(s): Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard
# Date: 2021-11-25
#############################################################

Introduction:

When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables.
An attacker can exploit this to run a malicious binary on startup, or when triggering the "Reread/Restart Servers" function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)

Vulnerability:

A license file containing the following, would execute calc.exe as an example of this vulnerability, it is also possible to provide arguments to the executables:

ISV demo "C:WindowsSystem32calc.exe"

If CVE-2018-15573 remains unpatched, files could be created on the system and then executed.

Recommendation:
Don't allow user-specified binaries to be run. Use a allow-list if absolutely required.