CA Unicenter Remote Control up to 5.0 Privileges Local Privilege Escalation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in CA Unicenter Remote Control up to 5.0 and classified as problematic. The impacted element is an unknown function of the component Privileges. The manipulation leads to Local Privilege Escalation. This vulnerability is traded as CVE-2003-0998. There is no exploit available.
Details
A vulnerability was found in CA Unicenter Remote Control up to 5.0 (Remote Access Software) and classified as problematic. This issue affects an unknown part of the component Privileges. The manipulation with an unknown input leads to a local privilege escalation vulnerability. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.
The bug was discovered 12/11/2003. The weakness was shared 01/05/2004 (Website). It is possible to read the advisory at secunia.com. The identification of this vulnerability is CVE-2003-0998 since 12/16/2003. The exploitation is known to be easy. Attacking locally is a requirement. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available.
The vulnerability was handled as a non-public zero-day exploit for at least 25 days. During that time the estimated underground price was around $25k-$100k.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the databases at OSVDB (3023†) and Secunia (SA10420†). The entries VDB-21477 and VDB-21478 are related to this item. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.ca.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.9
VulDB Base Score: 5.9
VulDB Temp Score: 5.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Local Privilege EscalationCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
12/11/2003 🔍12/12/2003 🔍
12/16/2003 🔍
01/05/2004 🔍
01/05/2004 🔍
08/04/2014 🔍
06/04/2019 🔍
Sources
Vendor: ca.comAdvisory: secunia.com⛔
Status: Not defined
Confirmation: 🔍
CVE: CVE-2003-0998 (🔍)
GCVE (CVE): GCVE-0-2003-0998
GCVE (VulDB): GCVE-100-21479
Secunia: 10420 - CA Unicenter Remote Control Privilege Escalation and Denial of Service, Less Critical
OSVDB: 3023 - URC allows elevated privileges
See also: 🔍
Entry
Created: 08/04/2014 15:29Updated: 06/04/2019 21:36
Changes: 08/04/2014 15:29 (53), 06/04/2019 21:36 (3)
Complete: 🔍
Cache ID: 216:881:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.