An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges.
Weakness
The product, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ca_client_automation | Broadcom | 14.0 (including) | 14.0 (including) |
| Ca_client_automation | Broadcom | 14.1 (including) | 14.1 (including) |
| Ca_client_automation | Broadcom | 14.2 (including) | 14.2 (including) |
| Ca_client_automation | Broadcom | 14.3 (including) | 14.3 (including) |
Potential Mitigations
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
References
- http://packetstormsecurity.com/files/155758/CA-Client-Automation-14.x-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2020/Jan/5
- https://seclists.org/bugtraq/2019/Dec/41
- https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/CA20191218-01-security-notice-for-ca-client-automation-agent-for-windows.html
- http://packetstormsecurity.com/files/155758/CA-Client-Automation-14.x-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2020/Jan/5
- https://seclists.org/bugtraq/2019/Dec/41
- https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/CA20191218-01-security-notice-for-ca-client-automation-agent-for-windows.html