CVE-2024-24977 – This vulnerability in Intel License Manager for... (How to Fix)

Q: What is the severity of CVE-2024-24977?

CVE-2024-24977 has a CVSS score of 6.7 (MEDIUM). This vulnerability in Intel License Manager for FLEXlm allows authenticated local users to escalate privileges by manipulating the software's search path. It affects organizations using Intel FLEXlm license management software before version 11.19.5.0.

📋 TL;DR

This vulnerability in Intel License Manager for FLEXlm allows authenticated local users to escalate privileges by manipulating the software's search path. It affects organizations using Intel FLEXlm license management software before version 11.19.5.0.

💻 Affected Systems

Products:

Intel License Manager for FLEXlm

Versions: All versions before 11.19.5.0

Operating Systems: Windows, Linux (where FLEXlm is deployed)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires local authenticated access to the system running Intel License Manager.

📦 What is this software?

License Manager For Flexim by Intel

View all CVEs affecting License Manager For Flexim →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Authenticated attacker gains SYSTEM/root privileges on the host, enabling complete system compromise and lateral movement.

🟠

Likely Case

Authenticated user with standard privileges gains administrative rights on the local system.

🟢

If Mitigated

Attack fails due to proper access controls, patched software, or restricted local user permissions.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Internal users with local access could exploit, but requires authentication.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires understanding of DLL/executable search order manipulation and local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.19.5.0

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01126.html

Restart Required: Yes

Instructions:

1. Download Intel License Manager version 11.19.5.0 or later from Intel support portal. 2. Stop all FLEXlm license services. 3. Install the updated version. 4. Restart license services and verify functionality.

🔧 Temporary Workarounds

Restrict local user permissions

all

Limit standard user permissions on systems running Intel License Manager to prevent DLL/executable placement in search paths.

Use application whitelisting

all

Implement application control policies to prevent unauthorized executables from running from user-writable directories.

🧯 If You Can't Patch

Implement strict access controls to limit which users can log into systems running Intel License Manager.
Monitor for suspicious process creation or privilege escalation attempts using endpoint detection tools.

🔍 How to Verify

Check if Vulnerable:

Check Intel License Manager version via GUI or lmutil -v command. Versions below 11.19.5.0 are vulnerable.

Check Version:

lmutil -v

Verify Fix Applied:

Confirm version is 11.19.5.0 or higher using lmutil -v command and verify license services are functioning normally.

📡 Detection & Monitoring

Log Indicators:

Unexpected process execution from user-writable directories
Privilege escalation events in Windows Event Logs or Linux audit logs

Network Indicators:

Unusual license check patterns if attacker modifies license behavior

SIEM Query:

Process creation where parent process is Intel License Manager and executable path contains user directories

📊 Metadata

CVE ID: CVE-2024-24977

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-427

Published: August 14, 2024

Last Updated: September 12, 2024

🔗 References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01126.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-24977, you might also want to check these: