CVE-2024-38499

Improper Privilege Management Vulnerability in CA Client Automation 14.5

Severity Score

7.3

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands.

The desktop and server management solution Broadcom CA DSM stores some configuration data of its agent component locally on managed systems in encrypted form. The encrypted configuration data may include sensitive data like user credentials of service accounts. On a managed client system, low-privileged Windows users are able to extract the used cryptographic key material that is used for encrypting specific configuration data by exploiting a design security issue using the Common Application Framework (CAF) command line tool. Version 14.5.0.15 is affected.

*Credits: Matthias Deeg (e-mail: matthias.deeg@syss.de, Twitter/X: @matthiasdeeg)

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Attack Requirements

Present

Privileges Required

Low

User Interaction

Active

System

Vulnerable | Subsequent

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-06-18 CVE Reserved
2024-12-17 CVE Published
2024-12-19 CVE Updated
2025-07-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-269: Improper Privilege Management
CWE-276: Incorrect Default Permissions

CAPEC

CAPEC-233: Privilege Escalation

References (1)

URL	Tag	Source
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25284

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Broadcom Search vendor "Broadcom"		Ca Client Automation Search vendor "Broadcom" for product "Ca Client Automation"				*		-		Affected