CVE-2009-0043
published 2009-01-08CVE-2009-0043: The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows…
PriorityP272critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
46.45%
98.7th percentile
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ca | service_level_management | — | — |
| ca | service_metric_analysis | — | — |
| ca | service_metric_analysis | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated remote connections to the smmsnmpd service via netcat or telnet delivering bracket-wrapped command strings (e.g. [<command>]) ↗
- →Alert on arbitrary OS command execution spawned as child processes of smmsnmpd, indicating successful exploitation of the insufficient access restriction vulnerability ↗
- ·Affected versions are CA Service Metric Analysis r11.0, r11.1, r11.1 SP1 and Service Level Management 3.5 only; patched or newer versions are not affected ↗
- ·The exploit command syntax uses bracket-wrapped payloads (e.g. [ipconfig /all]); detection rules should account for this specific framing as the command delivery format ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/07.aspxhttp://securityreason.com/securityalert/4887http://www.securityfocus.com/archive/1/499857/100/0/threadedhttp://www.securityfocus.com/bid/33161http://www.vupen.com/english/advisories/2009/0053https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/07.aspxhttp://securityreason.com/securityalert/4887http://www.securityfocus.com/archive/1/499857/100/0/threadedhttp://www.securityfocus.com/bid/33161http://www.vupen.com/english/advisories/2009/0053https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148
2009-01-08
Published