CVE-2009-0043

2009-01-0819:30:11

CWE-264

mitre

web.nvd.nist.gov

cve-2009-0043

smmsnmpd

service metric analysis

service level management

remote code execution

access restriction

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.043

Percentile

92.5%

JSON

The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.

Affected configurations

Nvd

Node

caservice_level_managementMatch3.5

caservice_metric_analysisMatchr11.0

caservice_metric_analysisMatchr11.1

caservice_metric_analysisMatchr11.1sp1

VendorProductVersionCPE
caservice_level_management3.5cpe:2.3:a:ca:service_level_management:3.5:*:*:*:*:*:*:*
caservice_metric_analysisr11.0cpe:2.3:a:ca:service_metric_analysis:r11.0:*:*:*:*:*:*:*
caservice_metric_analysisr11.1cpe:2.3:a:ca:service_metric_analysis:r11.1:*:*:*:*:*:*:*
caservice_metric_analysisr11.1cpe:2.3:a:ca:service_metric_analysis:r11.1:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
ca	service_level_management	3.5	cpe:2.3:a:ca:service_level_management:3.5:::::::*
ca	service_metric_analysis	r11.0	cpe:2.3:a:ca:service_metric_analysis:r11.0:::::::*
ca	service_metric_analysis	r11.1	cpe:2.3:a:ca:service_metric_analysis:r11.1:::::::*
ca	service_metric_analysis	r11.1	cpe:2.3:a:ca:service_metric_analysis:r11.1:sp1::::::