CVE-2020-8010
CA Unified Infrastructure Management Command Execution
Public Exploits: 2
Exploited in Wild: -
Descriptions
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
CA Technologies, A Broadcom Company, is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM). Multiple vulnerabilities exist that can allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. The first vulnerability, CVE-2020-8010, occurs due to improper ACL handling. A remote attacker can execute commands, read from, or write to the target system. The second vulnerability, CVE-2020-8011, occurs due to a null pointer dereference. A remote attacker can crash the Controller service. The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow vulnerability in the Controller service. A remote attacker can execute arbitrary code.
Timeline
- 2020-01-27 CVE Reserved
- 2020-02-14 CVE Published
- 2020-07-31 First Exploit
- 2024-08-04 CVE Updated
- 2025-05-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (4)
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/158693 | 2020-07-31 | |
http://packetstormsecurity.com/files/158693/CA-Unified-Infrastructure-Management-Nimsoft-7.80-Buffer-Overflow.html | 2024-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Broadcom | Unified Infrastructure Management | <= 9.20 | - | Affected |
Broadcom | Unified Infrastructure Management | >= 20.3.0 <= 20.3.3 | - | Affected |
Broadcom | Unified Infrastructure Management | 20.1 | - | Affected |