Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-8012

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

9.8CRITICAL

EPSS

83.9%

top 0.70%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Unified Infrastructure Management CA Technologies - A Broadcom Company CA Unified Infrastructure Management (nimsoft/uim)

Timeline

PublishedFeb 18

Latest updateMay 24

Description

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ca_technologies_-_a_broadcom_company/ca_unified_infrastructure_management_(nimsoft/uim)9.20 and below

▶NVDbroadcom/unified_infrastructure_management20.3.0 — 20.3.3+2

🔴Vulnerability Details

GHSA

GHSA-cvw3-9vqh-r4q9: CA Unified Infrastructure Management (Nimsoft/UIM) 9↗2022-05-24

▶

CVEList

CVE-2020-8012: CA Unified Infrastructure Management (Nimsoft/UIM) 20↗2020-02-18

▶

💥Exploits & PoCs

Exploit-DB

CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow↗2020-03-02

▶