CVE-2020-12080
Description
A remote, unauthenticated attacker can crash FlexNet Publisher's lmadmin.exe v11.16.6 by sending a crafted FLEX_MSG_QUORUM message with an oversized integer, causing an unhandled exception.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A denial-of-service vulnerability exists in FlexNet Publisher's lmadmin.exe version 11.16.6. The flaw is in the processing of FLEX_MSG_QUORUM messages. The obj14_Parse_FLEX_MSG_QUORUM function fails to properly validate a user-supplied signed 32-bit integer before passing it as a size argument to the C++ operator new[]. A value of 0x7fffffff (or any large positive integer) causes new[] to throw an exception that is never handled, which crashes the lmadmin process [1].
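The pattern described above, as an added C++ example that is not taken from lmadmin or the advisory: a signed 32-bit length checked only for its sign and passed to new[], beside a version that bounds the length and handles allocation failure. The wire layout (4-byte big-endian length followed by the payload), the function names and the 64 KiB cap are assumptions made for illustration.

```cpp
// Added example; not FlexNet Publisher code. Assumed layout: 4-byte big-endian
// signed length, then that many payload bytes.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <new>
#include <vector>

enum class Parse { Ok, Truncated, BadLength, NoMemory };
constexpr std::int32_t kMaxPayload = 64 * 1024;  // assumed protocol limit

static std::int32_t read_be32(const std::uint8_t* p) {
    return static_cast<std::int32_t>((std::uint32_t(p[0]) << 24) | (std::uint32_t(p[1]) << 16) |
                                     (std::uint32_t(p[2]) << 8) | std::uint32_t(p[3]));
}

// Pattern described above: only the sign is checked, so 0x7fffffff reaches
// new[]. A request that large normally fails in a 32-bit process, and the
// resulting std::bad_alloc terminates the process unless a caller catches it.
std::unique_ptr<std::uint8_t[]> alloc_unchecked(const std::uint8_t* msg, std::size_t len) {
    if (len < 4) return nullptr;
    const std::int32_t n = read_be32(msg);
    if (n <= 0) return nullptr;
    return std::unique_ptr<std::uint8_t[]>(new std::uint8_t[n]);
}

// Hardened: bound the length by a protocol cap and by the bytes actually
// received, and turn allocation failure into an error code.
Parse parse_checked(const std::uint8_t* msg, std::size_t len, std::vector<std::uint8_t>& out) {
    if (len < 4) return Parse::Truncated;
    const std::int32_t n = read_be32(msg);
    if (n < 0 || n > kMaxPayload) return Parse::BadLength;
    if (static_cast<std::size_t>(n) > len - 4) return Parse::Truncated;
    try {
        out.assign(msg + 4, msg + 4 + n);
    } catch (const std::bad_alloc&) {
        return Parse::NoMemory;
    }
    return Parse::Ok;
}

int main() {
    const std::uint8_t oversized[] = {0x7f, 0xff, 0xff, 0xff};  // constructed input
    std::vector<std::uint8_t> out;
    std::printf("oversized -> %d\n", static_cast<int>(parse_checked(oversized, sizeof oversized, out)));
    return 0;
}
```

Comparing the declared length with the bytes actually received rejects an oversized value before any allocation is attempted, so the outcome no longer depends on how much memory the process can obtain.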
Exploitation
An unauthenticated, remote attacker can exploit this flaw without any prior authentication or special network position. The attacker sends a crafted FLEX_MSG_QUORUM message to the lmadmin service, specifying a 32-bit integer field set to 0x7fffffff. The code reads this integer from the message and, if positive, uses it directly as the allocation size in operator new[], causing the exception [1].
Impact
Successful exploitation results in termination of the lmadmin.exe process, causing a denial-of-service condition. The crash prevents the license manager from responding to legitimate license requests, disrupting licensing operations for all FlexNet Publisher clients [1].
Mitigation
As of the publication date, no fix was available. Users of FlexNet Publisher version 11.16.6 should apply any vendor-issued patches as soon as they become available. Until a patch is released, network access to the lmadmin service should be restricted to trusted hosts as a workaround [1]. This CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- FlexNet Publisher/lmadmin
- Range: = 11.16.6
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input validation on a specific message protocol (message 282) causes an unhandled exception in lmadmin.exe, leading to a crash."
Attack vector
An unauthenticated attacker on the network sends a crafted message (message type 282) to the lmadmin service listening on TCP port 27000. The malformed message triggers an unhandled exception in the XalanMemoryManager code path, causing the process to crash. No authentication or prior interaction is required, making this a remotely exploitable denial-of-service condition [ref_id=1].
Affected code
The vulnerability resides in lmadmin.exe (FlexNet Publisher version 11.16.6). The crash occurs within the XalanMemoryManager code path of lmadmin when processing a specific message protocol (message 282). The Tenable advisory identifies the affected binary and version but does not specify a particular source file or function name beyond the stack trace symbols.
What the fix does
The advisory states that the fix is to upgrade to FlexNet Publisher version 11.17.0 [ref_id=1]. No patch diff is provided in the bundle, so the specific code changes are unknown. The upgrade presumably adds input validation or exception handling for the malformed message 282 that previously caused the crash.
Preconditions
- network: The lmadmin service must be running and listening on TCP port 27000 (default).
- auth: No authentication or session is required; the attacker can be unauthenticated.
Reproduction
The advisory references a PoC script named `flexera_fnp_lmadmin_msg_282_dos_cve-2020-12080.py` and provides the usage: `python flexera_fnp_lmadmin_msg_282_dos_cve-2020-12080.py -t
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12080-Remediated-in-FlexNet-Publisher/ta-p/143873 (mitre, x_refsource_CONFIRM)
- community.flexera.com/t5/FlexNet-Publisher-News/FlexNet-Publisher-2020-R2-11-17-0-is-here/ba-p/144017/jump-to/first-unread-message (mitre, x_refsource_CONFIRM)
- www.tenable.com/security/research/tra-2020-28 (mitre, x_refsource_MISC)