Multiple CA Service Management Products - Remote Command Execution

EDB-ID: 32711
Platform: Windows
Date: 2009-01-07


source: https://www.securityfocus.com/bid/33161/info

Multiple CA Service Management products are prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue is the result of insufficient access restrictions.

Successful attacks can compromise the affected application and possibly the underlying computer.

The following applications are vulnerable:

Service Metric Analysis 11.0, 11.1, and 11.1 SP1
Service Level Management 3.5 

Submitting the following command through netcat or telnet is sufficient to exploit this issue:

[ipconfig /all]