CVE-2020-28421

7.8 HIGH

📋 TL;DR

This vulnerability in CA Unified Infrastructure Management allows local attackers to escalate privileges on affected systems. Attackers with existing local access can gain higher privileges through the robot (controller) component. Organizations running CA UIM versions 20.1 or earlier are affected.

💻 Affected Systems

Products:
  • CA Unified Infrastructure Management
Versions: 20.1 and earlier
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The robot (controller) component is vulnerable. All deployments with affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where an attacker gains administrative/root privileges, potentially leading to data theft, system manipulation, or lateral movement across the network.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass security controls, install malware, or access restricted data and functions.

🟢 If Mitigated

Limited impact if proper access controls and monitoring are in place, though privilege escalation remains possible for authenticated local users.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring existing local access to exploit.
🏢 Internal Only: HIGH - Internal users with local access could exploit this to gain elevated privileges and potentially compromise the system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access to the system. The specific exploitation method is not publicly documented in detail.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20.2 or later

Vendor Advisory: https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565

Restart Required: Yes

Instructions:

1. Download CA UIM version 20.2 or later from the Broadcom support portal.
2. Back up the current configuration and data.
3. Install the updated version following vendor documentation.
4. Restart affected services and verify functionality.

🔧 Temporary Workarounds

Restrict Local Access (platforms: all)

Limit local access to CA UIM systems to only authorized administrators.

Implement Least Privilege (platforms: all)

Ensure all user accounts have only necessary privileges and monitor for privilege escalation attempts.

🧯 If You Can't Patch

  • Implement strict access controls to limit who has local access to CA UIM systems
  • Deploy endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check CA UIM version via the web interface or by examining installed software version. Versions 20.1 or earlier are vulnerable.

Check Version:

Check via CA UIM web interface under Help > About, or examine installed software version in system control panel/package manager.

Verify Fix Applied:

Verify the installed version is 20.2 or later through the web interface or system software inventory.
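The version checks above compare an installed version against the 20.2 threshold. The following is an added example (not part of the advisory or of CA UIM itself) that does the comparison numerically rather than as a string, so that a version such as 9.x is not mistaken for "newer than 20.2", and that runs the check over a constructed inventory of hosts. The inventory host names and version strings are made up for illustration.

```python
import re
from typing import Dict, List, Tuple

# Threshold taken from the advisory: 20.2 or later is fixed, 20.1 and earlier is vulnerable.
PATCHED_VERSION = "20.2"


def parse_version(s: str) -> Tuple[int, ...]:
    """Turn '20.1', 'v20.2.1' etc. into a tuple of ints so comparison is numeric."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", s)
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(installed: str) -> bool:
    """True when the installed CA UIM version is below the patched version."""
    return parse_version(installed) < parse_version(PATCHED_VERSION)


def hosts_needing_patch(inventory: Dict[str, str]) -> List[str]:
    """Return the hosts whose recorded CA UIM version is still vulnerable, sorted by name."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "uim-hub-01": "20.1",
    "uim-hub-02": "20.2",
    "uim-robot-legacy": "9.20",   # string comparison would wrongly rank "9.20" above "20.2"
    "uim-robot-03": "20.1.5",
    "uim-robot-04": "v20.3",
}

if __name__ == "__main__":
    for host in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is vulnerable, upgrade to {PATCHED_VERSION} or later")
```

Tuple comparison is what makes `20.1.5 < 20.2` and `9.20 < 20.2` come out right; a plain string comparison of the same values gives the wrong answer for the second case.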

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events
  • Suspicious process creation by CA UIM components
  • Failed or successful privilege change attempts

Network Indicators:

  • Unusual outbound connections from CA UIM systems following local access

SIEM Query:

source="CA_UIM" AND (event_type="privilege_escalation" OR process_name="nimsoft-robot")
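As an added example (not from the advisory and not CA UIM's own tooling), the query above applied to a handful of constructed log events in key="value" form. The event format and the values other than `CA_UIM`, `privilege_escalation` and `nimsoft-robot` are assumptions for illustration. Because the `process_name` clause of the query matches every event the robot emits, the example records which clause fired so that an analyst can separate the broad process-name hits from the specific privilege-escalation hits.

```python
import re
from typing import Dict, List, Optional

# Constructed sample events (not real CA UIM log output); one event per line in key="value" form.
SAMPLE_LOGS = [
    'source="CA_UIM" event_type="privilege_escalation" process_name="controller" user="svc_uim"',
    'source="CA_UIM" event_type="process_start" process_name="nimsoft-robot" user="root"',
    'source="CA_UIM" event_type="heartbeat" process_name="hub" user="svc_uim"',
    'source="sshd" event_type="privilege_escalation" process_name="sudo" user="alice"',
    'source="CA_UIM" event_type="process_start" process_name="hub" user="svc_uim"',
]

_KV = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line: str) -> Dict[str, str]:
    """Parse a key="value" log line into a dict (assumed format)."""
    return dict(_KV.findall(line))


def match_clause(event: Dict[str, str]) -> Optional[str]:
    """Apply the page's SIEM query and report which OR-clause matched, or None.

    Query: source="CA_UIM" AND (event_type="privilege_escalation" OR process_name="nimsoft-robot")
    """
    if event.get("source") != "CA_UIM":
        return None
    if event.get("event_type") == "privilege_escalation":
        return "event_type"
    if event.get("process_name") == "nimsoft-robot":
        return "process_name"
    return None


def run_query(lines: List[str]) -> List[dict]:
    """Return the matching events with their line index and the clause that fired."""
    hits = []
    for index, line in enumerate(lines):
        event = parse_event(line)
        clause = match_clause(event)
        if clause is not None:
            hits.append({"index": index, "clause": clause, "event": event})
    return hits


def clause_counts(hits: List[dict]) -> Dict[str, int]:
    """Count hits per clause so the noisy process_name matches can be triaged separately."""
    counts: Dict[str, int] = {}
    for hit in hits:
        counts[hit["clause"]] = counts.get(hit["clause"], 0) + 1
    return counts


if __name__ == "__main__":
    for hit in run_query(SAMPLE_LOGS):
        print(f"line {hit['index']}: matched on {hit['clause']}: {hit['event']}")
    print(clause_counts(run_query(SAMPLE_LOGS)))
```

The sshd event is excluded by the `source` condition even though its event type matches, and the ordinary robot process-start event is included only through the process-name clause, which is the part of the query worth tuning against a baseline of normal robot activity.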

🔗 References
