Autodesk: Possible vulnerability revenera “CVE-2024-2658: FlexNet Publisher potential local privilege escalation issue”

August 9, 2024 Jeff Arbogast

Issue:
Autodesk: revenera CVE-2024-2658: FlexNet Publisher potential local privilege escalation issue.
potential vulnerability has been identified in FlexNet Publisher.

https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2024-2658-FlexNet-Publisher-potential-local-privilege/ta-p/313003/jump-to/first-unread-message

Causes:
Possible vulnerability.

Solution:

Autodesk Statement
• According to Revenera's article, the vulnerability is restricted to lmadmin.exe (affected module) which Autodesk doesn’t ship or use as part of the Network License Manager (NLM) installer to customers. Hence the shipped LMTOOLS is not affected by the vulnerability and doesn't require an immediate upgrade to the version 11.19.6

• Producers utilizing the vendor daemon with secure communications (TLS communications) enabled prior to FlexNet Publisher version 2024 R1: This vulnerability could affect producers who are using a secured communication protocol. However, it does not impact the Autodesk vendor daemon (adskflex.exe) as Autodesk does not currently support or use secured communications.

About the Author

Manufacturing Solution Center Team Lead<br><br>Jeff is responsible for manufacturing Technical Support for both internal staff and customers. In addition to the daily activities of the support center, he helps write for the National Support Center blog, and has written online classes for the IMAGINiT training on demand site.
Follow on Linkedin More Content by Jeff Arbogast

How to Install IMAGINiT Utilities for Civil 3D 2025 Standalone

You need to install the Standalone IMAGINiT Utilities for Civil 3D 2025-2020 and want to know how. Here's t...

Uninstall an Autodesk product when the Custom Install Deployment is no longer available

You want to uninstall an Autodesk product but the original deployment package is no longer available in the...

Get Tips Delivered.

Subscribe to Email Updates.

Email Address

First Name

Last Name

Country

Thank you!

Error - something went wrong!

Return to Resources

Welcome to our Hub

Autodesk: Possible vulnerability revenera “CVE-2024-2658: FlexNet Publisher potential local privilege escalation issue”

About the Author

Previous Article

Next Article

Solutions Beyond Software™

Autodesk: Possible vulnerability revenera “CVE-2024-2658: FlexNet Publisher potential local privilege escalation issue”

About the Author

Previous Article

Next Article

Most Recent Articles

How to find a specific job in the Vault Job Server Queue

Display settings for controlling the display of file versions/revisions in the Vault Thin Client

A scheduled task deletes a licensing file that prevents Autodesk products from starting.

Problems producing a PDF from an AutoCAD .dwg using the IMAGINiT Utilities for Vault Client may be due to the condition of AutoCAD on the Job Processor host and whether the drawing is open in AutoCAD.

Installing the Vault Client 2024.3.1 update on the Vault Server host causes an unhandled exception for the Vault Metadata Update tool from the IMAGINiT Utilities for Vault Server version 24.0.8650.

You need to install the Standalone IMAGINiT Utilities for Civil 3D 2025-2020 and want to know how. Here's the step-by-step guide.

You want to uninstall an Autodesk product but the original deployment package is no longer available in the original location. Here's what you need to know and do.

Here are the steps to follow to get an authcode and install the IMAGINiT Utilities for Revit 2025.

Our utilities run directly inside Autodesk Vault and are designed to remove redundancies and rework, by automating repetitive tasks, saving your team time and effort.

How to speed up the processing of DXF CAM files, DXF sheet metal flat pattern files and stp files.

When installing an Autodesk product, error 1327 is received, which references an invalid drive number.

When you sign into Autodesk with your accounts page or from the products page in the Apple Safari browser in macOS on a Mac computer, the login page may be slow to load or might show an error.

Our utilities run directly inside Autodesk Civil 3D and are designed to remove redundancies and rework, by automating repetitive tasks, saving your team time and effort.

Here's what you need to know and do if you get the Autodesk Install error: [Product] The install couldn’t finish. Error 4000

Our utilities run directly inside Autodesk Revit and are designed to remove redundancies and rework, by automating repetitive tasks, saving your team time and effort.

The Inventor Read-only Undo folder, by default the Windows temporary folder, is full. Or the user doesn't have write permissions to the folder. Here's what you need to know and do.

The current workaround is to edit the AutoCAD Electrical 2025 shortcut properties, and set to use a High DPI scale override. Here's how to do that.

There are documents on this however I have noticed in Civil 3D 2025 making changes to the /Product in the icon target field causes fatal errors.

Solutions Beyond Software™