CVE-2020-8010 Nimbus protocol allows unauth read/write/execute

CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.

Recent assessments:

busterb at August 04, 2020 5:44pm UTC reported:

This vulnerability was patched February 2020, but there is renewed interest in it thanks to research by wetw0rk and their submission of a recent Metasploit Module. The underlying vulnerability here is a lack of authenticated controls on the Nimbus protocol itself, which allows an attacker to simply run arbitrary commands on the target. This combined with CVE-2020-8012 allows arbitrary code execution as well.

You are unlikely to see this on the internet (the only boxes I found on Shodan listening on TCP port 48000 were NAS devices using it as the NFS lock service, so it’s hard to gauge the wide-spread nature) but this is more commonly used as mass-deployments in cloud environments or server environments. Since it is the robot/controller that is vulnerable, potentially every target in a managed environment is vulnerable to this if it has the vulnerable version of the Nimsoft software installed. If an enterprise is using this software, it’s likely an attacker will be able to easily use it to control the whole environment if it is left vulnerable, and could likely become an easy crypto locking target.

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5