Issue:
Autodesk: revenera CVE-2024-2658: FlexNet Publisher potential local privilege escalation issue.
potential vulnerability has been identified in FlexNet Publisher.
Causes:
Possible vulnerability.
Solution:
Autodesk Statement
• According to Revenera's article, the vulnerability is restricted to lmadmin.exe (affected module) which Autodesk doesn’t ship or use as part of the Network License Manager (NLM) installer to customers. Hence the shipped LMTOOLS is not affected by the vulnerability and doesn't require an immediate upgrade to the version 11.19.6
• Producers utilizing the vendor daemon with secure communications (TLS communications) enabled prior to FlexNet Publisher version 2024 R1: This vulnerability could affect producers who are using a secured communication protocol. However, it does not impact the Autodesk vendor daemon (adskflex.exe) as Autodesk does not currently support or use secured communications.
About the Author
Follow on Linkedin More Content by Jeff Arbogast