Vulnerability Name:

CVE-2012-0692 (CCN-78986)

Assigned:2012-10-01
Published:2012-10-01
Updated:2021-04-09
Summary:CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors.
CVSS v3 Severity:7.7 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.3 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: BUGTRAQ
Type: UNKNOWN
20121001 CA20121001-01: Security Notice for CA License

Source: MITRE
Type: CNA
CVE-2012-0692

Source: CCN
Type: SA50791
CA Multiple Products Licensing Component Two Vulnerabilities

Source: CCN
Type: OSVDB ID: 85879
CA Multiple Product CA Licensing Component User Permission Handling Arbitrary File Manipulation Local Privilege Escalation

Source: CCN
Type: BID-55737
Computer Associates License Application Multiple Local Privilege Escalation Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1027588

Source: XF
Type: UNKNOWN
multiple-ca-priv-esc(78986)

Source: CCN
Type: CA20121001-01
Security Notice for CA License

Source: CONFIRM
Type: Broken Link
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={79CE87E4-7A35-48A3-99BA-5A0DBEDECA94}

Vulnerable Configuration:Configuration 1:
  • cpe:/a:broadcom:license_software:1.61.9:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.60.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.8.0.114:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:*:*:*:*:*:*:*:* (Version <= 1.90.02)
  • OR cpe:/a:broadcom:license_software:1.9.1.105:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:0.1.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.8.0.110:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.61.8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.52:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.70.1.101:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:license_software:1.5.3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2007:3:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8::enterprise:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8.1::enterprise:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_integrated_threat_management:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_plus_2009:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager_total_defense:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:gateway_security:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_for_windows_client_agent:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_for_windows_server_component:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:common_services:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_anti-virus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_anti-virus_gateway:7.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    broadcom license software 1.61.9
    broadcom license software 1.60.3
    broadcom license software 1.8.0.114
    broadcom license software *
    broadcom license software 1.9.1.105
    broadcom license software 0.1.0.15
    broadcom license software 1.8.0.110
    broadcom license software 1.61.8
    broadcom license software 1.52
    broadcom license software 1.70.1.101
    broadcom license software 1.5.3
    ca etrust antivirus 7.1
    ca etrust intrusion detection 3.0
    ca internet security suite 2007 3
    ca etrust intrusion detection 3.0 sp1
    ca etrust intrusion detection 2.0 sp1
    ca etrust antivirus 8
    ca threat manager 8
    ca protection suites 2
    ca secure content manager 8.0
    ca etrust antivirus 8.1
    ca secure content manager 1.1
    ca common services 11
    ca common services 11.1
    ca threat manager 8.1
    ca etrust ez antivirus 7.1
    ca etrust integrated threat management 8.1
    ca etrust secure content manager 1.1
    ca etrust secure content manager 8.0
    ca internet security suite *
    ca internet security suite 3.0
    ca unicenter network and systems management 11
    ca unicenter network and systems management 11.1
    ca unicenter network and systems management 3.0
    ca unicenter network and systems management 3.1
    ca internet security suite 2008 *
    ca protection suites 3.1
    ca internet security suite plus 2008 *
    ca internet security suite plus 2009 *
    ca threat manager total defense *
    ca gateway security 8.1
    ca arcserve for windows client agent *
    ca arcserve for windows server component *
    ca common services 3.1
    ca etrust anti-virus sdk *
    ca etrust anti-virus gateway 7.1