CVE-2020-8010

Related Files

CA Unified Infrastructure Management Nimsoft 7.80 Buffer Overflow

Posted Jul 31, 2020

Authored by wetw0rk | Site metasploit.com

This Metasploit module exploits a buffer overflow within the CA Unified Infrastructure Management nimcontroller. The vulnerability occurs in the robot (controller) component when sending a specially crafted directory_list probe. Technically speaking the target host must also be vulnerable to CVE-2020-8010 in order to reach the directory_list probe.

tags | exploit, overflow

advisories | CVE-2020-8010, CVE-2020-8012

SHA-256 | e8a39681b3226039c089f38664d93db9e42e085ada3d1e0f014237aa468bd3c9

Download | Favorite | View

CA Unified Infrastructure Management Command Execution

Posted Feb 14, 2020

Authored by Ken Williams, wetw0rk | Site www3.ca.com

CA Technologies, A Broadcom Company, is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM). Multiple vulnerabilities exist that can allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. The first vulnerability, CVE-2020-8010, occurs due to improper ACL handling. A remote attacker can execute commands, read from, or write to the target system. The second vulnerability, CVE-2020-8011, occurs due to a null pointer dereference. A remote attacker can crash the Controller service. The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow vulnerability in the Controller service. A remote attacker can execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability

advisories | CVE-2020-8010, CVE-2020-8011, CVE-2020-8012

SHA-256 | 091817c9084bf974c8447837781753ec3e99d5062faa76769b21604190b2d347

Download | Favorite | View