CVE-2020-8010

CRITICAL

CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-8010. PoCs published by wetw0rk, including Metasploit module exploits/windows/nimsoft/nimcontroller_bof.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in CA Unified Infrastructure Management Nimsoft 7.80 via a crafted directory_list probe. It includes a full ROP chain to bypass DEP and achieve remote code execution.

Description

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.

Exploits (1)

metasploit WORKING POC EXCELLENT
by wetw0rk · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/nimsoft/nimcontroller_bof.rb

This Metasploit module exploits a buffer overflow in CA Unified Infrastructure Management Nimsoft 7.80 via a crafted directory_list probe. It includes a full ROP chain to bypass DEP and achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: CA Unified Infrastructure Management Nimsoft 7.80 (Build 7.80.3132)
No auth needed
Prerequisites: Target must be vulnerable to CVE-2020-8010 to reach the directory_list probe · Network access to TCP port 48000
devstral-2 · analyzed Apr 24, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.8094
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
broadcom/unified_infrastructure_management 20.1
broadcom/unified_infrastructure_management < 9.20
Published Feb 18, 2020
Tracked Since Feb 18, 2026