CVE-2020-8012

CRITICAL

Broadcom Unified Infrastructure Management < 9.20 - Remote Code Execution via Buffer Overflow in Robot Component

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-8012. PoCs published by wetw0rk, including Metasploit module exploits/windows/nimsoft/nimcontroller_bof.

AI-analyzed exploit summary This exploit targets a remote buffer overflow in CA Unified Infrastructure Management Nimsoft 7.80, bypassing stack protections to achieve RCE via a crafted payload. It includes a Meterpreter reverse shell and a ROP chain for x64 Windows systems.

Description

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.

Exploits (3)

exploitdb WORKING POC
by wetw0rk · cremotewindows
https://www.exploit-db.com/exploits/48156

This exploit targets a remote buffer overflow in CA Unified Infrastructure Management Nimsoft 7.80, bypassing stack protections to achieve RCE via a crafted payload. It includes a Meterpreter reverse shell and a ROP chain for x64 Windows systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: CA Unified Infrastructure Management Nimsoft 7.80 (Build 7.80.3132)
No auth needed
Prerequisites: Network access to the Nimsoft probe service · Target system running vulnerable Nimsoft version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 75 stars
by wetw0rk · poc
https://github.com/wetw0rk/Exploit-Development

This repository contains functional exploit code for CVE-2016-10709, targeting the HackSys Extreme Vulnerable Driver (HEVD) with a stack overflow vulnerability. The exploit includes shellcode for token stealing and privilege escalation on Windows 10 x64 systems.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: HackSys Extreme Vulnerable Driver (HEVD)
No auth needed
Prerequisites: Access to the vulnerable driver · Windows 10 x64 environment
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by wetw0rk · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/nimsoft/nimcontroller_bof.rb

This Metasploit module exploits a buffer overflow in CA Unified Infrastructure Management Nimsoft 7.80 via a crafted directory_list probe, leveraging ROP chains to bypass DEP and achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: CA Unified Infrastructure Management Nimsoft 7.80 (Build 7.80.3132)
No auth needed
Prerequisites: Target must be vulnerable to CVE-2020-8010 · Access to the directory_list probe
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 9.8
EPSS 0.8411
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (2)
broadcom/unified_infrastructure_management 20.1
broadcom/unified_infrastructure_management < 9.20
Published Feb 18, 2020
Tracked Since Feb 18, 2026