
CA Client Automation 14.x Privilege Escalation

Posted Dec 25, 2019
Authored by Kevin Kotas, Andrew Hess | Site www3.ca.com

A vulnerability exists in CA Client Automation that can allow a local attacker to gain escalated privileges. CA published solutions to address the vulnerability and recommends that all affected customers implement the applicable solution. The vulnerability, CVE-2019-19231, occurs due to insecure file access by the agent services. A local attacker may exploit this vulnerability to execute arbitrary commands with escalated privileges on an installation of the Client Automation agent. The Windows agent in CA Client Automation versions 14.0, 14.1, 14.2, and 14.3 is affected.

tags | advisory, arbitrary, local
systems | windows
advisories | CVE-2019-19231
SHA-256 | f83b28b09c7c76554eda487fcb8f48e6c31754eb1815d5deca6571ca3cc74d47


CA20191218-01: Security Notice for CA Client Automation Agent for
Windows

Issued: December 18, 2019
Last Updated: December 18, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Client Automation agent on Windows. A
vulnerability exists that can allow a local attacker to gain
escalated privileges. CA published solutions to address the
vulnerability and recommends that all affected customers implement
the applicable solution.

The vulnerability, CVE-2019-19231, occurs due to insecure file
access by the agent services. A local attacker may exploit this
vulnerability to execute arbitrary commands with escalated
privileges on an installation of the Client Automation agent.

Risk Rating

High

Platform(s)

Windows

Affected Products

CA Client Automation 14.0, 14.1, 14.2, 14.3 Windows agent

Affected Component

CA Client Automation Agent for Windows

How to determine if the installation is affected

Only the CA Client Automation agent on Windows is vulnerable.
Customers may check the .his file for the presence of the fix.

Solution

CA Technologies published the following solutions to address the
vulnerability.

Agents for CA Client Automation R14, R14 SP1 (14.0, 14.1):
Update to CA Client Automation R14 SP2 or SP3 and apply the
appropriate fix for R14 SP2 or SP3.

Agents for CA Client Automation R14 SP2 (14.2):
SO11134

Agents for CA Client Automation R14 SP3 (14.3):
SO11210
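
The check and the solution matrix above, combined into one PowerShell function. This is an added example, not code from CA or from the advisory. The function name Get-CaAgentFixStatus is hypothetical, and it assumes that the .his file is plain text, that an applied fix is recorded there by its fix number, and that the operator supplies the agent version and the path to the file.

```powershell
# Added example: map an agent version to the fix named in the advisory and
# look for that fix number in a .his file supplied by the operator.
# Assumptions (not from the advisory): the .his file is plain text and records
# an applied fix by its number; the caller knows where the file is.

function Get-CaAgentFixStatus {
    param(
        [Parameter(Mandatory)][string]$AgentVersion,   # e.g. '14.2'
        [Parameter(Mandatory)][string]$HisPath         # path to the .his file
    )

    # Fix numbers per release, taken from the Solution section.
    $requiredFix = @{ '14.2' = 'SO11134'; '14.3' = 'SO11210' }
    # Releases that have no fix of their own and must move to SP2 or SP3 first.
    $mustUpgrade = @('14.0', '14.1')

    $result = [ordered]@{ Version = $AgentVersion; RequiredFix = $null; Status = $null }

    if ($mustUpgrade -contains $AgentVersion) {
        $result.Status = 'Affected: update to R14 SP2 or SP3, then apply its fix'
    }
    elseif (-not $requiredFix.ContainsKey($AgentVersion)) {
        $result.Status = 'Version not listed as affected in CA20191218-01'
    }
    elseif (-not (Test-Path -LiteralPath $HisPath -PathType Leaf)) {
        $result.RequiredFix = $requiredFix[$AgentVersion]
        $result.Status = 'Unknown: .his file not found'
    }
    else {
        $fix = $requiredFix[$AgentVersion]
        $result.RequiredFix = $fix
        # Whole-token match so that a longer number such as SO111340 is not
        # mistaken for SO11134.
        $hit = Select-String -LiteralPath $HisPath -Pattern "\b$fix\b" -Quiet
        $result.Status = if ($hit) { 'Fix recorded' } else { 'Affected: fix not recorded' }
    }
    [pscustomobject]$result
}

# Constructed sample input, for demonstration only (not a real .his file).
$sample = Join-Path ([IO.Path]::GetTempPath()) 'sample_agent.his'
Set-Content -LiteralPath $sample -Value 'constructed sample line: applied SO11134'
Get-CaAgentFixStatus -AgentVersion '14.2' -HisPath $sample
Get-CaAgentFixStatus -AgentVersion '14.3' -HisPath $sample
Get-CaAgentFixStatus -AgentVersion '14.1' -HisPath $sample
Remove-Item -LiteralPath $sample
```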

References

CVE-2019-19231 - CA Client Automation Agent privilege escalation

Acknowledgement

CVE-2019-19231 - Andrew Hess

Change History

Version 1.0: 2019-12-18 - Initial Release

CA customers may receive product alerts and advisories by
subscribing to Proactive Notifications on the support site.

Customers who require additional information about this notice may
contact CA Technologies Support at https://casupport.broadcom.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at ca.psirt <AT> broadcom.com

Security Notices, PGP key, and disclosure policy and guidance
https://techdocs.broadcom.com/ca-psirt

Kevin Kotas
CA Product Security Incident Response Team

Copyright 2019 Broadcom. All Rights Reserved. The term "Broadcom"
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All trademarks, trade
names, service marks and logos referenced herein belong to their
respective companies.

