Main Vulnerability Database Vulnerabilities #VU25415

#VU25415 Command Injection in Unified Infrastructure Management - CVE-2020-8010

Published: February 18, 2020 / Updated: August 3, 2020

Vulnerability identifier: #VU25415

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2020-8010

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Unified Infrastructure Management

Software vendor:
Broadcom

Description

The vulnerability allows a remote user to execute arbitrary commands on the system.

The vulnerability exists due to improper ACL handling in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.

The robot versions below 7.97HF8, 9.20HF9 and 9.20SHF9 are affected.

Remediation

Vendor recommends to update to the following solutions to address the vulnerability:

robot_update patches 7.97HF8 (or above), 9.20HF9 (or above), and 9.20SHF9 (or above)

External links

https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html