UIM vulnerabilities CVE-2020-8010, CVE-2020-8011, CVE-2020-8012


Article ID: 222700


Products

DX Infrastructure Management
CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
NIMSOFT PROBES

Issue/Introduction

The first vulnerability, CVE-2020-8010, occurs due to improper ACL handling. A remote attacker can execute commands, read from, or write to the target system.

The second vulnerability, CVE-2020-8011, occurs due to a null pointer dereference. A remote attacker can crash the Controller service.

The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow vulnerability in the Controller service. A remote attacker can execute arbitrary code.


Environment

Release : UIM 20.3.x

Component : Robot - 9.32, 9.33


Resolution

UIM product versions 20.1.x, 20.3.x, and 9.20 and below are affected. The applicable component is robot (also known as controller).

Robot versions below 7.97HF8, 9.20HF9, 9.20SHF9, 9.33HF5, and 9.33SHF5 are affected.

For UIM 20.3.x this issue has been fixed and robot_update_9.33_HF5 has been released. It can be downloaded from the UIM Hotfix Index link below:

https://support.broadcom.com/external/content/release-announcements/CA-Unified-Infrastructure-Management-Hotfix-Index/7233
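The following is an added triage helper, not code from the article or the product: it parses robot version strings in the form the article uses (base version, optional "S" suffix, optional "HFn") and flags any robot that is below the fixed hotfix on its line. It assumes the "S" suffix denotes a separate build line (the article lists 9.20SHF9 and 9.33SHF5 separately), treats bases not named in the article (such as 9.32) and unparseable strings as affected so they are reviewed rather than skipped, and uses a constructed inventory.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# First hotfix on each robot line that carries the fix, per the article.
# Key: (base version, "S" build line). Older hotfixes on the same line are affected.
FIXED_HOTFIX: Dict[Tuple[str, bool], int] = {
    ("7.97", False): 8,
    ("9.20", False): 9,
    ("9.20", True): 9,
    ("9.33", False): 5,
    ("9.33", True): 5,
}

# e.g. "9.33HF5", "9.20SHF9", "9.32" (no hotfix). Case-insensitive.
VERSION_RE = re.compile(r"^(?P<base>\d+\.\d+)(?P<s>S)?(?:HF(?P<hf>\d+))?$", re.IGNORECASE)


class RobotVersion(NamedTuple):
    base: str
    secure: bool  # assumed: "S" suffix marks the separately listed build line
    hotfix: int   # 0 when the string carries no HF suffix


def parse_robot_version(text: str) -> Optional[RobotVersion]:
    """Split a robot version string into its parts; None if it does not match the pattern."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return RobotVersion(m["base"], bool(m["s"]), int(m["hf"] or 0))


def is_affected(text: str) -> bool:
    """True unless the version sits on a listed line at or above the fixing hotfix."""
    v = parse_robot_version(text)
    if v is None:
        return True  # unparseable inventory entry: flag it for manual review
    threshold = FIXED_HOTFIX.get((v.base, v.secure))
    if threshold is None:
        return True  # base not among the fixed lines (e.g. 9.32): affected per the article
    return v.hotfix < threshold


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (host, version) pairs that still need the robot hotfix applied."""
    return [(host, ver) for host, ver in inventory.items() if is_affected(ver)]


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up for this example.
    sample = {"hub01": "9.33HF5", "hub02": "9.33SHF4", "app07": "9.32", "db03": "9.20HF9", "old1": "7.97HF7"}
    for host, ver in triage(sample):
        print(f"{host}: robot {ver} is affected, apply the hotfix for its line")
```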

Additional Information

CA20200205-01: Security Notice for CA Unified Infrastructure Management