Clarity Client Automation

CA20191218-01: Security Notice for CA Client Automation Agent for Windows

By Steve Parker posted 12-21-2019 08:24 AM

  

product_notice_adv.png

December 20th, 2019

To:       CA Client Automation Customers
From:     The CA Client Automation Product Team
Subject:  CA Client Automation Security Notice

Dear Customer:

CA Technologies, a Broadcom Company, is notifying CA Client Automation customers about a new security notice.

For the latest version of this security notice, see

CA20191218-01: Security Notice for CA Client Automation Agent for Windows

Issued: December 18, 2019
Last Updated: December 18, 2019

CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Client Automation agent on Windows. A vulnerability exists that can allow a local attacker to gain escalated privileges. CA published solutions to address the vulnerability and recommends that all affected customers implement the applicable solution.

The vulnerability, CVE-2019-19231, occurs due to insecure file access by the agent services. A local attacker may exploit this vulnerability to execute arbitrary commands with escalated privileges on an installation of the Client Automation agent.

Risk Rating 
High

Platform(s) 
Windows 

Affected Products
 C
A Client Automation 14.0, 14.1, 14.2, 14.3 Windows agent


Affected Component 
CA Client Automation Agent for Windows


How to determine if the installation is affected 
 
Only the CA Client Automation agent on Windows is vulnerable. Customers may check the .his file for the presence of the fix.


Solution 
CA Technologies published the following solutions to address the vulnerabilities.

Agents for CA Client Automation R14, R14 SP1 (14.0, 14.1):

Update to CA Client Automation R14 SP2 or SP3 and apply the appropriate fix for R14 SP2 or SP3.

Agents for CA Client Automation R14 SP2 (14.2): SO11134

Agents for CA Client Automation R14 SP3 (14.3): SO11210


References

CVE-2019-19231 - CA Client Automation Agent privilege escalation


Acknowledgement

CVE-2019-19231 - Andrew Hess


Change History

Version 1.0: 2019-12-18 - Initial Release

CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.

Customers who require additional information about this notice may contact CA Technologies Support at https://casupport.broadcom.com/.

To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.

Copyright © 2019 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting everything, CA Technologies and the CA technologies logo are among the trademarks of Broadcom. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
 

0 comments
14 views

Permalink