Insecure File Access in CA Client Automation for Windows
CVE-2019-19231

7.3HIGH

Key Information:

Vendor
Ca Technologies, Broadcom Company
Status
Ca Client Automation
Vendor
CVE Published:
20 December 2019

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An insecure file access vulnerability in the CA Client Automation Agent for Windows could allow local attackers to gain escalated privileges. This issue affects multiple versions of the agent, potentially exposing sensitive information and granting unauthorized control over system resources. It is crucial for users of CA Client Automation to implement proper security measures to mitigate this risk and safeguard their systems. For detailed insights and remediation steps, refer to the official security notices provided by Broadcom.

Affected Version(s)

CA Client Automation 14.0

CA Client Automation 14.1

CA Client Automation 14.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-19231
Created by hessandrew

References

https://techdocs.broadcom.com/us/product-content/recommen...
x_refsource_CONFIRM
https://seclists.org/bugtraq/2019/Dec/41
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/155758/CA-Client-Aut...
x_refsource_MISC

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.