cbcvebase.
CVE-2020-8010
published 2020-02-18


Priority: P2 (77) · Severity: critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 48.67% (98.7th percentile)
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.

Affected

4 ranges
Vendor | Product | Version range | Fixed in
broadcom | unified_infrastructure_management | <= 9.20 |
broadcom | unified_infrastructure_management | |
broadcom | unified_infrastructure_management | 20.3.0 – 20.3.3 |
ca_technologies_a_broadcom_company | ca_unified_infrastructure_management | |

Detection & IOCs (extracted from sources)

command: directory_list
  • Monitor for unauthenticated remote commands, reads, or writes targeting the CA UIM robot (controller) component; any such traffic reaching the controller without a prior authenticated session indicates exploitation of the improper ACL handling.
  • Detect exploitation attempts that send a specially crafted 'directory_list' probe to the CA UIM nimcontroller component. The probe can be chained with the CVE-2020-8010 ACL bypass to trigger a buffer overflow.
  • CVE-2020-8010 affects CA UIM versions 20.1, 20.3.x, and 9.20 and below; the public Metasploit module specifically targets Nimsoft 7.80. Ensure detection coverage spans all affected version ranges, not only the version the module was written against.
  • The buffer overflow (a separate CVE) is only reachable if the target is also vulnerable to CVE-2020-8010 (ACL bypass); both conditions must be present for full remote code execution via the Metasploit chain.
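The detection logic described in the list above, written out as an added example (this is not code from this page, from Broadcom/CA, or from the Metasploit module). It parses Nimbus controller PDUs captured off the wire and flags 'directory_list' requests, escalating when the directory argument looks like an overflow payload. Assumptions, labelled in the code: the PDU layout (`nimbus/1.0 <hdr_len> <data_len>\r\n`, then `key=value` header lines, then a PDS body laid out as name, NUL, 32-bit type, 32-bit length, value), the PDS key name `directory`, the 256-byte length threshold, and the three sample PDUs, which are constructed here rather than captured.

```python
"""Flag CA UIM nimcontroller 'directory_list' probes in captured Nimbus PDUs (added example)."""
import struct
from dataclasses import dataclass

PDS_STRING = 1            # assumed PDS type code for NUL-terminated strings
OVERFLOW_THRESHOLD = 256  # assumed: a 'directory' value longer than this is treated as an overflow attempt


@dataclass
class NimbusPdu:
    header: dict  # key=value lines from the PDU header
    data: dict    # PDS entries from the PDU body (bytes values)


def pds_encode(entries):
    """Encode str->str entries as a PDS blob (assumed layout: name\\0, u32 type, u32 len, value\\0)."""
    out = b""
    for name, value in entries.items():
        val = value.encode() + b"\x00"
        out += name.encode() + b"\x00" + struct.pack(">II", PDS_STRING, len(val)) + val
    return out


def pds_decode(blob):
    """Decode a PDS blob into a dict; raises ValueError on truncation."""
    entries, pos = {}, 0
    while pos < len(blob):
        end = blob.index(b"\x00", pos)
        name = blob[pos:end].decode(errors="replace")
        pos = end + 1
        if pos + 8 > len(blob):
            raise ValueError("truncated PDS entry header")
        ptype, plen = struct.unpack(">II", blob[pos:pos + 8])
        pos += 8
        value = blob[pos:pos + plen]
        if len(value) != plen:
            raise ValueError("truncated PDS value")
        pos += plen
        entries[name] = value.rstrip(b"\x00") if ptype == PDS_STRING else value
    return entries


def build_pdu(header, data):
    """Assemble a PDU from header fields and PDS data (used only to construct sample input)."""
    hdr = "".join(f"{k}={v}\r\n" for k, v in header.items()).encode()
    body = pds_encode(data)
    return b"nimbus/1.0 %d %d\r\n" % (len(hdr), len(body)) + hdr + body


def parse_pdu(raw):
    """Parse one PDU; rejects anything that is not well-formed so a detector never trusts partial data."""
    line, _, rest = raw.partition(b"\r\n")
    parts = line.split()
    if len(parts) != 3 or parts[0] != b"nimbus/1.0":
        raise ValueError("not a nimbus PDU")
    hlen, dlen = int(parts[1]), int(parts[2])
    hdr_blob, data_blob = rest[:hlen], rest[hlen:hlen + dlen]
    if len(hdr_blob) != hlen or len(data_blob) != dlen:
        raise ValueError("truncated PDU")
    header = {}
    for entry in hdr_blob.decode(errors="replace").split("\r\n"):
        if "=" in entry:
            key, val = entry.split("=", 1)
            header[key] = val
    return NimbusPdu(header, pds_decode(data_blob))


def classify(pdu):
    """Return a verdict for directory_list requests, None for anything else."""
    if pdu.header.get("cmd", "") != "directory_list":
        return None
    directory = pdu.data.get("directory", b"")  # assumed PDS key name
    if len(directory) > OVERFLOW_THRESHOLD or any(b < 0x20 or b > 0x7E for b in directory):
        return "overflow_attempt"   # long or binary path: looks like the buffer-overflow chain
    return "acl_bypass_probe"       # plain directory_list from a remote peer: unauthenticated read


def scan(raw_pdus):
    """Run the rule over a list of raw PDUs and return findings as (source, verdict) tuples."""
    findings = []
    for raw in raw_pdus:
        pdu = parse_pdu(raw)
        verdict = classify(pdu)
        if verdict:
            findings.append((pdu.header.get("frm", "?"), verdict))
    return findings


# Constructed sample traffic (not captured from a real UIM deployment).
SAMPLE_PDUS = [
    build_pdu({"mtype": "100", "cmd": "get_info", "frm": "10.0.0.5/48000"}, {"detail": "1"}),
    build_pdu({"mtype": "100", "cmd": "directory_list", "frm": "203.0.113.9/51234"},
              {"directory": "/opt/nimsoft/robot", "detail": "1"}),
    build_pdu({"mtype": "100", "cmd": "directory_list", "frm": "203.0.113.9/51235"},
              {"directory": "A" * 600, "detail": "1"}),
]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE_PDUS):
        print(f"{src}: {verdict}")
```

Run it as-is to see the two findings; in practice feed `scan()` with PDUs reassembled from a capture of the controller port, and treat any `acl_bypass_probe` from a host that is not a known hub as an exploitation attempt even when no overflow payload follows.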

CVSS provenance

NVD · CVSS v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD · CVSS v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C