CVE-2018-19635

9.8 CRITICAL

📋 TL;DR

CVE-2018-19635 is a privilege escalation vulnerability in CA Service Desk Manager that allows authenticated users to gain administrative privileges through the user interface. This affects versions 14.1 and 17 of the software. Attackers with standard user accounts can exploit this to take full control of the system.

💻 Affected Systems

Products:
  • CA Service Desk Manager
Versions: 14.1 and 17
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where attackers gain administrative privileges, access sensitive data, modify configurations, and potentially use the system as a foothold for lateral movement.

🟠 Likely Case

Authenticated attackers escalate to administrative roles, access confidential service desk data, and manipulate ticket workflows or user permissions.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to unauthorized privilege changes that can be detected and rolled back.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access but exploitation is straightforward through the UI.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from CA Security Notice CA20190117-01

Vendor Advisory: https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html

Restart Required: Yes

Instructions:

1. Download the patch from CA Support.
2. Back up the system.
3. Apply the patch according to CA documentation.
4. Restart the Service Desk Manager service.

🔧 Temporary Workarounds

Restrict User Access

all

Limit user accounts to only necessary personnel and implement strict access controls.

Enhanced Monitoring

all

Monitor for privilege escalation attempts and unusual administrative activity.

🧯 If You Can't Patch

  • Isolate the Service Desk Manager system from critical networks
  • Implement application-level monitoring for privilege changes and administrative actions

🔍 How to Verify

Check if Vulnerable:

Check if running CA Service Desk Manager version 14.1 or 17 without the CA20190117-01 patch.

Check Version:

Check the application version through the Service Desk Manager interface or configuration files.

Verify Fix Applied:

Verify patch installation by checking version information and confirming with CA support documentation.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege changes
  • User role modifications outside normal workflows
  • Administrative actions from non-admin accounts

Network Indicators:

  • Unusual authentication patterns to administrative endpoints

SIEM Query:

source="ca_service_desk" AND (event_type="privilege_change" OR event_type="role_modification")
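
The same filter applied offline to exported events, as an added example that is not part of the original page or of CA's tooling. It goes one step past the query by separating role changes made by known administrators from those made by other accounts, which is the "administrative actions from non-admin accounts" indicator above. Only `source` and `event_type` come from the query; the JSON-lines layout, the `ts`, `actor`, `target` and `new_role` fields, the account names and the admin allow-list are assumptions.

```python
import json

# Constructed sample events (JSON lines). "source" and "event_type" follow the
# page's SIEM query; every other field name and value is an assumption.
SAMPLE_LOG = """\
{"ts":"2019-01-20T09:00:01Z","source":"ca_service_desk","event_type":"login","actor":"jdoe"}
{"ts":"2019-01-20T09:02:10Z","source":"ca_service_desk","event_type":"role_modification","actor":"sdm_admin","target":"asmith","new_role":"analyst"}
{"ts":"2019-01-20T09:05:44Z","source":"ca_service_desk","event_type":"privilege_change","actor":"jdoe","target":"jdoe","new_role":"administrator"}
{"ts":"2019-01-20T09:06:02Z","source":"other_app","event_type":"privilege_change","actor":"jdoe","target":"jdoe","new_role":"administrator"}
not-json garbage line
{"ts":"2019-01-20T09:07:30Z","source":"ca_service_desk","event_type":"role_modification","actor":"bkim","target":"clee","new_role":"administrator"}
"""

WATCHED = {"privilege_change", "role_modification"}  # event types from the query
KNOWN_ADMINS = {"sdm_admin"}  # assumed allow-list of accounts allowed to change roles


def triage(lines, admins=KNOWN_ADMINS):
    """Return (event, reasons) for watched events performed by non-admin accounts."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the run
        if not isinstance(ev, dict):
            continue
        if ev.get("source") != "ca_service_desk" or ev.get("event_type") not in WATCHED:
            continue
        actor = ev.get("actor")
        if actor in admins:
            continue  # expected workflow: an administrator changed a role
        reasons = ["change made by non-admin account"]
        if actor == ev.get("target"):
            reasons.append("account changed its own privileges")
        findings.append((ev, reasons))
    return findings


if __name__ == "__main__":
    for ev, reasons in triage(SAMPLE_LOG.splitlines()):
        print(ev["ts"], ev["actor"], "->", ev.get("target"),
              ev.get("new_role"), "|", "; ".join(reasons))
```
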
