CVE-2020-8012

9.8 CRITICAL

📋 TL;DR

CVE-2020-8012 is a critical buffer overflow vulnerability in CA Unified Infrastructure Management (Nimsoft/UIM) that allows remote attackers to execute arbitrary code on affected systems. This affects the robot (controller) component in versions 20.1, 20.3.x, and 9.20 and below. Organizations using these vulnerable versions are at risk of complete system compromise.

💻 Affected Systems

Products:
  • CA Unified Infrastructure Management (Nimsoft/UIM)
Versions: 20.1, 20.3.x, and 9.20 and below
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The robot (controller) component is vulnerable. All installations with these versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with remote code execution, leading to data theft, ransomware deployment, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Remote attacker gains full control of the Nimsoft/UIM system, enabling them to manipulate monitoring data, disrupt operations, and pivot to other systems.

🟢 If Mitigated

If properly segmented and patched, impact is limited to the specific Nimsoft/UIM component with no lateral movement.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, this vulnerability allows attackers who gain network access to execute arbitrary code without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public proof-of-concept exploits exist on Packet Storm Security. The vulnerability requires no authentication and has low exploitation complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 9.20, 20.1, and 20.3.x - consult Broadcom advisory for specific patched versions

Vendor Advisory: https://support.broadcom.com/external/content/security-advisories/CA20200205-01-Security-Notice-for-CA-Unified-Infrastructure-Management/7832

Restart Required: Yes

Instructions:

1. Review Broadcom advisory CA20200205-01.
2. Download and apply the appropriate patch from Broadcom support.
3. Restart the Nimsoft/UIM services.
4. Verify the patch is applied correctly.

🔧 Temporary Workarounds

Network Segmentation (Linux)

Restrict network access to Nimsoft/UIM robot controller ports (typically 48000-48003) to only trusted management systems.

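Use firewall rules to restrict access. Replace trusted_ip with the address of a trusted management system, and add the ACCEPT rule before the DROP rule:

iptables -A INPUT -p tcp --dport 48000:48003 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 48000:48003 -j DROP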

Windows Firewall Restriction

Block external access to Nimsoft/UIM ports using Windows Firewall.

New-NetFirewallRule -DisplayName "Block Nimsoft Ports" -Direction Inbound -LocalPort 48000-48003 -Protocol TCP -Action Block

🧯 If You Can't Patch

  • Immediately isolate affected systems from internet and untrusted networks
  • Implement strict network segmentation and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed version of CA UIM/Nimsoft. If version is 20.1, 20.3.x, or 9.20 or below, the system is vulnerable.

Check Version:

On Windows: Check Programs and Features. On Linux: Check installation directory or use 'ps aux | grep nim' to identify running processes and versions.

Verify Fix Applied:

Verify the version has been updated to a patched release and test that the robot controller service is functioning normally.

📡 Detection & Monitoring

Log Indicators:

  • Unusual connections to robot controller ports (48000-48003)
  • Abnormal process creation from Nimsoft/UIM services
  • Crash logs from nimcontroller process

Network Indicators:

  • Unexpected network traffic to/from port 48000-48003
  • Large or malformed packets sent to Nimsoft/UIM ports

SIEM Query:

source="nimsoft.logs" AND (event="crash" OR event="buffer_overflow" OR (dest_port IN (48000,48001,48002,48003) AND src_ip NOT IN (trusted_ips)))
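
The following added example (not from the vendor or the original page) applies the network indicator above to firewall logs: it counts TCP packets to ports 48000-48003 from sources outside a trusted allowlist. It assumes records in netfilter LOG format (SRC=, DPT=, PROTO= fields); the trusted networks and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Robot controller ports named in this advisory.
ROBOT_PORTS = range(48000, 48004)
# Assumption: management hosts allowed to reach the robot (constructed values).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]
# KEY=VALUE fields as written by the netfilter LOG target (value may be empty).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample records, not captured from a real system.
SAMPLE_LOG = """\
Feb  6 10:01:02 uim1 kernel: IN=eth0 OUT= SRC=10.20.0.5 DST=10.20.1.7 PROTO=TCP SPT=51000 DPT=48000
Feb  6 10:03:11 uim1 kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=10.20.1.7 PROTO=TCP SPT=40112 DPT=48000
Feb  6 10:03:12 uim1 kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=10.20.1.7 PROTO=TCP SPT=40113 DPT=48000
Feb  6 10:04:40 uim1 kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=10.20.1.7 PROTO=TCP SPT=33000 DPT=48002
Feb  6 10:04:41 uim1 kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=10.20.1.7 PROTO=TCP SPT=33001 DPT=22
Feb  6 10:05:00 uim1 kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=10.20.1.7 PROTO=UDP SPT=5353 DPT=48001
Feb  6 10:05:30 uim1 kernel: IN=eth0 OUT= SRC=not-an-ip DST=10.20.1.7 PROTO=TCP SPT=1 DPT=48001
"""


def is_trusted(addr):
    """True if addr falls inside any allowlisted management network."""
    return any(addr in net for net in TRUSTED_NETS)


def untrusted_robot_hits(log_text):
    """Count TCP packets to robot ports, keyed by (untrusted source, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") != "TCP":
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dport = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # truncated or malformed record: skip rather than crash
        if dport in ROBOT_PORTS and not is_trusted(src):
            hits[(str(src), dport)] += 1
    return hits


if __name__ == "__main__":
    for (src, dport), n in sorted(untrusted_robot_hits(SAMPLE_LOG).items()):
        print(f"ALERT untrusted source {src} -> tcp/{dport} ({n} packets)")
```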
