exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CA Unified Infrastructure Management Command Execution

CA Unified Infrastructure Management Command Execution
Posted Feb 14, 2020
Authored by Ken Williams, wetw0rk | Site www3.ca.com

CA Technologies, A Broadcom Company, is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM). Multiple vulnerabilities exist that can allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. The first vulnerability, CVE-2020-8010, occurs due to improper ACL handling. A remote attacker can execute commands, read from, or write to the target system. The second vulnerability, CVE-2020-8011, occurs due to a null pointer dereference. A remote attacker can crash the Controller service. The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow vulnerability in the Controller service. A remote attacker can execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2020-8010, CVE-2020-8011, CVE-2020-8012
SHA-256 | 091817c9084bf974c8447837781753ec3e99d5062faa76769b21604190b2d347

CA Unified Infrastructure Management Command Execution

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20200205-01: Security Notice for CA Unified Infrastructure Management

Issued: February 5th, 2020
Last Updated: February 14th, 2020

CA Technologies, A Broadcom Company, is alerting customers to three
vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM).
Multiple vulnerabilities exist that can allow an unauthenticated remote
attacker to execute arbitrary code or commands, read from or write to
systems, or conduct denial of service attacks. CA published solutions to
address these vulnerabilities and recommends that all affected customers
implement these solutions.

The first vulnerability, CVE-2020-8010, occurs due to improper ACL
handling. A remote attacker can execute commands, read from, or write to
the target system.

The second vulnerability, CVE-2020-8011, occurs due to a null pointer
dereference. A remote attacker can crash the Controller service.

The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow
vulnerability in the Controller service. A remote attacker can execute
arbitrary code.


Risk Rating

High (cumulative)


Platform(s)

All supported robot platforms (i.e. Windows, Linux, Solaris, AIX, and
HPUX)


Affected Products

UIM product versions 9.20 and below are affected. The applicable
component is robot (also known as controller).
The robot versions below 7.97HF8, 9.20HF9 and 9.20SHF9 are affected.


How to determine if the installation is affected

Check for the controller version in IM or AC. If the version is lower
than 7.97HF8 for UIM 9.0.2, and 9.20HF9 or 9.20SHF9 for UIM 9.2.0, then
it is affected.


Solution

CA Technologies published the following solutions to address the
vulnerabilities:

robot_update patches 7.97HF8 (or above), 9.20HF9 (or above), and
9.20SHF9 (or above)

Note: UIM 8.5.1 users must upgrade robot to 7.97HF8.

Hotfixes are available at (url may wrap):
https://techdocs.broadcom.com/us/product-content/recommended-reading/techni
cal-document-index/ca-unified-infrastructure-management-hotfix-index.html


References

CVE-2020-8010 - CA UIM Probe Improper ACL Handling RCE
CVE-2020-8011 - CA UIM Improper Probe Handling NPD DoS
CVE-2020-8012 - CA UIM nimbuscontroller Buffer Overflow RCE


Acknowledgement

CVE-2020-8010 - Milton Valencia (wetw0rk), IBM Public Cloud Red Team
CVE-2020-8011 - Milton Valencia (wetw0rk), IBM Public Cloud Red Team
CVE-2020-8012 - Milton Valencia (wetw0rk), IBM Public Cloud Red Team


Change History

Version 1.0: 2020-02-05 - Initial Release
Version 1.1: 2020-02-14 - Clarified "How to determine if installation
is affected" section


CA customers may receive product alerts and advisories by subscribing
to Proactive Notifications on the support site.

Customers who require additional information about this notice may
contact CA Technologies Support at https://support.broadcom.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to the CA Technologies Product Vulnerability
Response Team at ca.psirt <AT> broadcom.com

Security Notices, PGP key, disclosure policy, and related guidance can
be found at https://techdocs.broadcom.com/ca-psirt


Regards,
Ken Williams
Vulnerability and Incident Response, CA PSIRT
https://techdocs.broadcom.com/ca-psirt
Broadcom | broadcom.com | Kansas City, Missouri, USA
ken.williams <AT> broadcom.com | ca.psirt <AT> broadcom.com


Copyright © 2020 Broadcom. All Rights Reserved. The term “Broadcom”
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All trademarks, trade names,
service marks and logos referenced herein belong to their respective
companies.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15238)
Charset: utf-8

wsBVAwUBXkX9c7Z6yOO9o8STAQjKpwf/RExnHGFP+4zIlNd87RX5G6aKjms1ViYp
BCvqgpUPatEoM6ShJjcBB89+kdheMwhbDdPLWthSs8zuGSyv+SGZ0m/pWIRaYKjv
owXKZPoGLbJXuOtFhvj9j5KnDR/j1S3Cbz3TJHkHuhJ0BgR6xcqHgDSMVJpG78RT
MHWufIURi217sAh6ivu05oxQzbh9YHUiqX78PxePDpJX0z/+2dEYxxTRVjq0wC1j
zQFu3Zu2Z/VuXWzqa+XUzlGlGfiJMPl23rshSwKvasqseOirFH3eIYLl1SuxMu8m
1HYOYdpEDEOuPAaXjU+2He0r2s73nO/WomY2MZq9FREuHkWlQq4xqA==
=pDUq
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close