CVE-2022-33752

9.8 CRITICAL

📋 TL;DR

CVE-2022-33752 is a critical remote code execution vulnerability in CA Automic Automation agents due to insufficient input validation. Attackers can exploit this to execute arbitrary code on affected systems. Organizations using CA Automic Automation 12.2 or 12.3 are vulnerable.

💻 Affected Systems

Products:
  • CA Automic Automation
Versions: 12.2 and 12.3
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the Automic agent host, potentially leading to lateral movement across the network and data exfiltration.

🟠 Likely Case

Remote code execution allowing attackers to install malware, create backdoors, or disrupt automation workflows.

🟢 If Mitigated

Limited impact if network segmentation and strict access controls prevent unauthorized access to Automic agents.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires network access to the Automic agent but no authentication, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Broadcom security advisory

Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629

Restart Required: Yes

Instructions:

1. Download the security patch from Broadcom support portal.
2. Apply the patch to all affected Automic Automation installations.
3. Restart Automic agents and services.
4. Verify the patch is applied successfully.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Automic agents to only trusted IP addresses and networks.

Firewall Rules

all

Implement firewall rules to block unauthorized access to Automic agent ports.

🧯 If You Can't Patch

  • Isolate affected systems in a separate network segment with strict access controls.
  • Implement application-level firewalls or WAF rules to filter malicious input to Automic agents.

🔍 How to Verify

Check if Vulnerable:

Check Automic Automation version via administrative console or configuration files. Versions 12.2 and 12.3 are vulnerable.

Check Version:

Check version in Automic administrative interface or configuration files (specific command varies by deployment).

Verify Fix Applied:

Verify patch installation through version check and test agent functionality. Monitor for any abnormal behavior.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from Automic agent
  • Failed authentication attempts to agent services
  • Abnormal network connections to agent ports

Network Indicators:

  • Unexpected traffic to Automic agent ports (default 2210)
  • Suspicious payloads in network traffic to agents

SIEM Query:

source="automic_agent" AND (event_type="process_execution" OR event_type="network_connection") AND severity=HIGH
