header-logo
Suggest Exploit
vendor:
Service Metric Analysis, Service Level Management
by:
SecurityFocus
8.8
CVSS
HIGH
Command Injection
78
CWE
Product Name: Service Metric Analysis, Service Level Management
Affected Version From: Service Metric Analysis 11.0, Service Level Management 3.5
Affected Version To: Service Metric Analysis 11.1 SP1
Patch Exists: YES
Related CWE: CVE-2008-4609
CPE: a:ca:service_management
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

Multiple CA Service Management Products Command Injection Vulnerability

Multiple CA Service Management products are prone to a command injection vulnerability due to insufficient access restrictions. An attacker can leverage this vulnerability to execute arbitrary commands by submitting a malicious command through netcat or telnet.

Mitigation:

Upgrade to the latest version of the affected software.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/33161/info

Multiple CA Service Management products are prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue is the result of insufficient access restrictions.

Successful attacks can compromise the affected application and possibly the underlying computer.

The following applications are vulnerable:

Service Metric Analysis 11.0, 11.1, and 11.1 SP1
Service Level Management 3.5 

Submitting the following command through netcat or telnet is sufficient to exploit this issue:

[ipconfig /all]