Vendor: CA Unified Infrastructure Management Nimsoft
By: wetw0rk
CVSS: 9.8 (CRITICAL)
Remote Buffer Overflow
CWE: 119
Product Name: CA Unified Infrastructure Management Nimsoft
Affected Version From: 7.8
Affected Version To: 7.8
Patch Exists: NO
Related CVE: CVE-2020-8012
CPE: a:ca:unified_infrastructure_management:nimsoft:7.80
Platforms Tested: Windows 10 Pro (x64), Windows Server 2012 R2 Standard (x64)
2020
CA Unified Infrastructure Management Nimsoft 7.80 – Remote Buffer Overflow
Unauthenticated Nimbus nimcontroller RCE, tested against build 7.80.3132, although multiple versions are affected. The exploit won't crash the service. You may have to run the exploit code multiple times on Windows Server 2012. If you exploit Windows Server 2019 it should work as well; I just didn't get a chance to test it (reversing other things). I put faith in my ROP chain being universal (worked first try on 2012).
Mitigation:
Apply the latest patch or upgrade to a version where the vulnerability is fixed.