CVE-2019-19231

Description

An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

CA Technologies, Broadcom Company / CA Client Automation14.0 – 14.0
CA Technologies, Broadcom Company / CA Client Automation14.1 – 14.1
CA Technologies, Broadcom Company / CA Client Automation14.2 – 14.2
CA Technologies, Broadcom Company / CA Client Automation14.3 – 14.3

References

MISChttps://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/CA20191218-01-security-notice-for-ca-client-automation-agent-for-windows.html
MAILING_LISThttps://seclists.org/bugtraq/2019/Dec/41
EXPLOIThttp://packetstormsecurity.com/files/155758/CA-Client-Automation-14.x-Privilege-Escalation.html
MAILING_LISThttp://seclists.org/fulldisclosure/2020/Jan/5