Vulnerability Name:

CVE-2012-0691 (CCN-78985)

Assigned: 2012-10-01
Published: 2012-10-01
Updated: 2021-04-09
Summary: CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Access
References: Source: BUGTRAQ
Type: UNKNOWN
20121001 CA20121001-01: Security Notice for CA License

Source: MITRE
Type: CNA
CVE-2012-0691

Source: CCN
Type: SA50791
CA Multiple Products Licensing Component Two Vulnerabilities

Source: CCN
Type: OSVDB ID: 85880
CA Multiple Product CA Licensing Component System Command Handling Local Privilege Escalation

Source: CCN
Type: BID-55737
Computer Associates License Application Multiple Local Privilege Escalation Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1027588

Source: XF
Type: UNKNOWN
multiple-ca-command-exec(78985)

Source: CCN
Type: CA20121001-01
Security Notice for CA License

Source: CONFIRM
Type: Broken Link
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={79CE87E4-7A35-48A3-99BA-5A0DBEDECA94}

Vulnerable Configuration: Configuration 1:
  • cpe:/a:broadcom:license_software:1.52:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.9.1.105:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.61.8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.60.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.70.1.101:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.8.0.114:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:*:*:*:*:*:*:*:* (Version <= 1.90.02)
  • OR cpe:/a:broadcom:license_software:1.61.9:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:0.1.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.8.0.110:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2007:3:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8::enterprise:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8.1::enterprise:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_integrated_threat_management:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_plus_2009:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager_total_defense:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:gateway_security:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_for_windows_client_agent:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_for_windows_server_component:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:common_services:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_anti-virus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_anti-virus_gateway:7.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    broadcom license software 1.52
    broadcom license software 1.9.1.105
    broadcom license software 1.5.3
    broadcom license software 1.61.8
    broadcom license software 1.60.3
    broadcom license software 1.70.1.101
    broadcom license software 1.8.0.114
    broadcom license software *
    broadcom license software 1.61.9
    broadcom license software 0.1.0.15
    broadcom license software 1.8.0.110
    ca etrust antivirus 7.1
    ca etrust intrusion detection 3.0
    ca internet security suite 2007 3
    ca etrust intrusion detection 3.0 sp1
    ca etrust intrusion detection 2.0 sp1
    ca etrust antivirus 8
    ca threat manager 8
    ca protection suites 2
    ca secure content manager 8.0
    ca etrust antivirus 8.1
    ca secure content manager 1.1
    ca common services 11
    ca common services 11.1
    ca threat manager 8.1
    ca etrust ez antivirus 7.1
    ca etrust integrated threat management 8.1
    ca etrust secure content manager 1.1
    ca etrust secure content manager 8.0
    ca internet security suite *
    ca internet security suite 3.0
    ca unicenter network and systems management 11
    ca unicenter network and systems management 11.1
    ca unicenter network and systems management 3.0
    ca unicenter network and systems management 3.1
    ca internet security suite 2008 *
    ca protection suites 3.1
    ca internet security suite plus 2008 *
    ca internet security suite plus 2009 *
    ca threat manager total defense *
    ca gateway security 8.1
    ca arcserve for windows client agent *
    ca arcserve for windows server component *
    ca common services 3.1
    ca etrust anti-virus sdk *
    ca etrust anti-virus gateway 7.1