Severity.io | CVE-2016-9795

Description

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

a ca virtual_assurance_for_infrastructure_managers 12.9 *******

a ca universal_job_management_agent 11.2 *******

a broadcom ca_workload_automation_ae 11.3.6 *******

a broadcom ca_workload_automation_ae 11.3.5 *******

a broadcom client_automation 14.0 *******

a broadcom client_automation 12.9 *******

a broadcom client_automation 12.8 *******

a broadcom systemedge 5.9 *******

a broadcom systems_performance_for_infrastructure_managers 12.9 *******

References

https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html

Vendor Advisory

95819

Third Party AdvisoryVDB Entry

1037730

Third Party AdvisoryVDB Entry

20170126 CA20170126-01: Security Notice for CA Common Services casrvc

Third Party AdvisoryVDB Entry

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	LOCAL
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	LOW
BaseScore	7.8
VectorString	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

Version	2.0
VectorString	AV:L/AC:L/Au:N/C:C/I:C/A:C
AccessVector	LOCAL
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	COMPLETE
IntegrityImpact	COMPLETE
AvailabilityImpact	COMPLETE
BaseScore	7.199999809265137