CA Unified Infrastructure Management Privilege Escalation

Posted Nov 21, 2020
Authored by Ken Williams | Site www3.ca.com

CA Technologies, A Broadcom Company, is alerting customers to a vulnerability in CA Unified Infrastructure Management. A vulnerability exists that can allow a local attacker to elevate privileges. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions.

tags | advisory, local
advisories | CVE-2020-28421
MD5 | 40d9553df42f55a04250a34b4f366e8c


CA20201116-01: Security Notice for CA Unified Infrastructure Management

Issued: November 16th, 2020
Last Updated: November 16th, 2020

CA Technologies, A Broadcom Company, is alerting customers to a
vulnerability in CA Unified Infrastructure Management. A vulnerability
exists that can allow a local attacker to elevate privileges. CA
published solutions to address this vulnerability and recommends that
all affected customers implement these solutions.

The vulnerability, CVE-2020-28421, occurs due to improper access
control. A local attacker can potentially elevate privileges.


Risk Rating

CVE-2020-28421 - High


Platform(s)

Microsoft Windows


Affected Products

CA Unified Infrastructure Management 20.1
CA Unified Infrastructure Management 9.2.0
CA Unified Infrastructure Management 9.1.0
CA Unified Infrastructure Management 9.0.2
Note: older, unsupported versions may be affected


Affected Components

The applicable component is robot (also known as controller).
Affected robot versions:
before 7.97HF11
before 9.20HF20
before 9.20SHF20 (secure)
before 9.30HF4
before 9.30SHF4 (secure)


Non-Affected Products

CA Unified Infrastructure Management 20.3


Non-Affected Components

Non-affected robot versions:
7.97HF11 or later
9.20HF20 or later
9.20SHF20 (secure) or later
9.30HF4 or later
9.30SHF4 (secure) or later


How to determine if the installation is affected

Check for the controller version in Infrastructure Manager or Admin
Console. If the version is lower than 7.97HF11 for UIM 9.0.2,
9.20HF20 or 9.20SHF20 for UIM 9.2.0, 9.30HF4 or 9.30SHF4 for UIM 20.1,
then it is affected.
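
The version check above, written out as an added example (not part of the CA advisory or any CA tooling). It assumes controller versions are exported as strings of the form `9.20HF19` or `9.30SHF3`, that a build with no hotfix suffix predates every hotfix on its branch, and that the hostnames are constructed sample data; branches the advisory gives no threshold for are reported as unknown rather than guessed.

```python
import re

# Fixed hotfix level per robot branch, from the advisory's
# "Non-affected robot versions" list. None = no secure build listed.
FIXED = {
    "7.97": {"HF": 11, "SHF": None},
    "9.20": {"HF": 20, "SHF": 20},
    "9.30": {"HF": 4, "SHF": 4},
}

# Assumed version string layout: <major>.<minor>[HF<n> | SHF<n>]
VERSION_RE = re.compile(r"^(\d+\.\d+)(?:(S?HF)(\d+))?$", re.IGNORECASE)


def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for one robot version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"  # unparseable: needs a manual look
    branch, kind, level = m.group(1), m.group(2), m.group(3)
    if branch not in FIXED:
        return "unknown"  # advisory gives no threshold for this branch
    if kind is None:
        return "affected"  # assumption: base build has no hotfix applied
    threshold = FIXED[branch][kind.upper()]
    if threshold is None:
        return "unknown"  # e.g. a secure build on 7.97, not listed
    return "fixed" if int(level) >= threshold else "affected"


# Constructed inventory (hostnames and versions are sample data).
INVENTORY = [
    ("win-app01", "9.20HF19"),
    ("win-app02", "9.20SHF20"),
    ("win-db01", "7.97HF11"),
    ("win-db02", "9.30"),
    ("win-web01", "9.31"),
    ("win-web02", "9.30SHF3"),
]


def triage(inventory):
    """Group hosts by status so 'unknown' ones get a manual check."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(status, hosts)
```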


Solution

CA Technologies published the following solutions to address the
vulnerabilities:

robot_update patches 7.97HF11 (or above), 9.20HF20 (or above) and
9.30HF4 (or above).

robot_update_secure patches 9.20SHF20 (or above) and 9.30SHF4 (or above).

Note: UIM 8.5.1 users must upgrade robot to 7.97HF11. UIM
9.1.0 users must upgrade robot to 9.20HF20 (or above).

Hotfixes are available at:
https://support.broadcom.com/external/content/release-announcements/CA-Unified-Infrastructure-Management-Hotfix-Index/7233


References

CVE-2020-28421 – CA UIM improper access control privilege elevation


Acknowledgement

CVE-2020-28421 – Fabius Artrel


Change History

Version 1.0: 2020-11-16 - Initial Release


CA customers may receive product alerts and advisories by subscribing
to Proactive Notifications on the support site.

Customers who require additional information about this notice may
contact CA Technologies Support at https://support.broadcom.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to the CA Technologies Product Vulnerability
Response Team at ca.psirt <AT> broadcom.com

Security Notices, PGP key, disclosure policy, and related guidance can
be found at:
https://support.broadcom.com/external/content/security-advisories/CA-Product-Vulnerability-Response-Team-Contact-Information/1867


Regards,
Ken Williams
Vulnerability and Incident Response, CA PSIRT
https://techdocs.broadcom.com/ca-psirt
Broadcom | broadcom.com | Kansas City, Missouri, USA
ken.williams <AT> broadcom.com | ca.psirt <AT> broadcom.com


Copyright (c) 2020 Broadcom. All Rights Reserved. The term "Broadcom"
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All trademarks, trade names,
service marks and logos referenced herein belong to their respective
companies.
