Buffer Overflow Vulnerability in CA Unified Infrastructure Management by Broadcom
CVE-2020-8012

9.8CRITICAL

Key Information:

Vendor: Ca Technologies - A Broadcom Company
Status: Ca Unified Infrastructure Management (nimsoft/uim)
Vendor: CVE Published:; 18 February 2020

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 80%

What is CVE-2020-8012?

The CA Unified Infrastructure Management, specifically versions 20.1, 20.3.x, and 9.20 or below, is prone to a buffer overflow vulnerability within its controller component. This security flaw could allow a remote attacker to execute arbitrary code, potentially compromising the system and its data. Proper patching and security measures are essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Exploit-Development
Created by wetw0rk

References

https://techdocs.broadcom.com/us/product-content/status/a...

x_refsource_CONFIRM

http://packetstormsecurity.com/files/156577/Nimsoft-nimco...

x_refsource_MISC

http://packetstormsecurity.com/files/158693/CA-Unified-In...

x_refsource_MISC

EPSS Score

80% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2020
Vulnerability Reserved
Jan 27, 2020
🟡
Public PoC available
Apr 26, 2017
👾
Exploit known to exist
Apr 26, 2017

Ca Technologies - A Broadcom Company

Badges

What is CVE-2020-8012?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V3.1

Timeline