CVE-2009-0043

CA Service Metric Analysis <r11.1 SP1 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0043. PoCs published by Michel Arboi.

AI-analyzed exploit summary This exploit leverages insufficient access restrictions in CA Service Management products to execute arbitrary commands. The PoC demonstrates command injection via a simple netcat or telnet submission.

Description

The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Michel Arboi · textremotewindows
https://www.exploit-db.com/exploits/32711

This exploit leverages insufficient access restrictions in CA Service Management products to execute arbitrary commands. The PoC demonstrates command injection via a simple netcat or telnet submission.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: CA Service Metric Analysis 11.0, 11.1, 11.1 SP1; CA Service Level Management 3.5
No auth needed
Prerequisites: Network access to the vulnerable service
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33161
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4887
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499857/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0053

Scores

EPSS 0.4645
EPSS Percentile 98.7%

Details

CWE
CWE-264
Status published
Products (3)
ca/service_level_management 3.5
ca/service_metric_analysis r11.0
ca/service_metric_analysis r11.1 (2 CPE variants)
Published Jan 08, 2009
Tracked Since Feb 18, 2026