Local File Modification Vulnerability in CA Common Services Software
CVE-2016-9795

7.8HIGH

Key Information:

Vendor: Broadcom
Status: Ca Workload Automation Ae; Client Automation; Systemedge; Systems Performance For Infrastructure Managers
Vendor: CVE Published:; 27 January 2017

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2016-9795?

The casrvc program integrated within CA Common Services is susceptible to local file modification vulnerabilities, allowing local users to modify arbitrary files. This exploitation leads to the potential for escalating privileges to the root level, presenting significant security risks across multiple operating systems including AIX, HP-UX, Linux, and Solaris. It is critical for organizations using affected products to apply the necessary updates and mitigations to safeguard their systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CA-Common-Services-privilege-escalation-cve-2016-9795-revisited
Created by blogresponder

References

http://www.securityfocus.com/archive/1/540062/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://www.ca.com/us/services-support/ca-support/ca-supp...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1037730

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 29, 2020
👾
Exploit known to exist
Dec 29, 2020
Vulnerability published
Jan 27, 2017
Vulnerability Reserved
Dec 2, 2016

Broadcom

Badges

What is CVE-2016-9795?

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline