Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-8010

CWE-20 — Improper Input Validation CWE-200 — Information Exposure4 documents4 sources

Severity

9.8CRITICAL

EPSS

80.9%

top 0.85%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Unified Infrastructure Management CA Technologies - A Broadcom Company CA Unified Infrastructure Management (nimsoft/uim)

Timeline

PublishedFeb 18

Latest updateMay 24

Description

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ca_technologies_-_a_broadcom_company/ca_unified_infrastructure_management_(nimsoft/uim)9.20 and below

▶NVDbroadcom/unified_infrastructure_management20.3.0 — 20.3.3+2

🔴Vulnerability Details

GHSA

GHSA-g8q4-vx2r-28r6: CA Unified Infrastructure Management (Nimsoft/UIM) 9↗2022-05-24

▶

CVEList

CVE-2020-8010: CA Unified Infrastructure Management (Nimsoft/UIM) 20↗2020-02-18

▶

💥Exploits & PoCs

Metasploit

CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow↗

▶