search cancel

INSECURE MANAGEMENT PROTOCOL CAM

book

Article ID: 133185

calendar_today

Updated On:

Products

CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Software Delivery CA Client Automation - Remote Control CA Client Automation - Asset Intelligence CA Client Automation - Desktop Migration Manager CA Client Automation - Patch Manager

Issue/Introduction

We have received a finding “ 3 - Critical” from a customer penetration test. Do you have a resource that can help us answer the discovery? 
Is this a general problem that can be solved by a configuration change? 

4.3.2 INSECURE MANAGEMENT PROTOCOL CAM 
Classification: 

Impact: 
Spoofing, Hijacking 
Summary: 
The ATMs expose a management service that uses an insecure communication protocol. The ATMs expose a management service on UDP port 4104 that uses a plaintext communication protocol. The protocol in question seems to be the CA Message Queuing (CAM) protocol, as used by various CA automation solutions. Preliminary reverse engineering and manipulation of this protocol did not indicate any form of authentication within the protocol and showed that at least parts of the protocol are plaintext. Additionally, as the protocol uses UDP for transport, it is trivial to spoof the IP address of sender, which may circumvent IP based firewall rules. 
Due to a lack of protocol documentation or access to the CA application(s), the full capabilities of the protocol and their associated risks were not identified during the penetration test. 
Risk: 
An attacker, who has access to the ATM network, can use this finding to communicate with the various processes that listen to the CA Message Queue on the ATM. 

Level 3: critical 
Used to describe vulnerabilities that can lead to denial of service. This level is also used to describe vulnerabilities that may lead to system access through user interaction.

Environment

Release :

Component : CA Client Automation

Resolution


For ITCM r14 SP2 (14..0.2000)


The CAM UDP protocol itself is not encrypted by the nature of UDP, however, the traffic between the 2 endpoints are encrypted Furthermore, the authorization on each endpoint is validated by certificates

CAM is a transport protocol CAF (Client Auto Framework) uses it for communication,

Any traffic CAF creates is encrypted . so in concept all traffic is encrypted with the exception of packet routing information. However, since CAM is a messaging protocol someone or something can format a message using cam if they figure out how to do it. CAM by its nature has the power to do nothing except send data.

A listener on the other end needs to have rights to do something. Simply put, if someone creates an application who can receive messages from CAM , has the rights to install that app on a target system then yes there can be a vulnerability; however, that is true for just about anything. if someone has the rights to install an application that in it self is a vulnerability.

There is no list of items can be exposed as if anyone can figure out anything, then everything in tech is vulnerable