CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Client Automation agent on Windows. A vulnerability exists that can allow a local attacker to gain
escalated privileges. CA20191218-01: Security Notice for CA Client Automation Agent for
Issued: December 18, 2019
Last Updated: December 18, 2019
CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Client Automation agent on Windows. A
vulnerability exists that can allow a local attacker to gain
escalated privileges. CA published solutions to address the
vulnerability and recommends that all affected customers implement
the applicable solution.
The vulnerability, CVE-2019-19231, occurs due to insecure file
access by the agent services. A local attacker may exploit this
vulnerability to execute arbitrary commands with escalated
privileges on an installation of the Client Automation agent.
CA Client Automation 14.0, 14.1, 14.2, 14.3 Windows agent
CA Client Automation Agent for Windows
How to determine if the installation is affected
Only the CA Client Automation agent on Windows is vulnerable.
Customers may check the .his file for the presence of the fix.
CA Technologies published the following solutions to address the
Agents for CA Client Automation R14, R14 SP1 (14.0, 14.1):
Update to CA Client Automation R14 SP2 or SP3 and apply the
appropriate fix for R14 SP2 or SP3.
Agents for CA Client Automation R14 SP2 (14.2):
Agents for CA Client Automation R14 SP3 (14.3):
CVE-2019-19231 – CA Client Automation Agent privilege escalation
CVE-2019-19231 – Andrew Hess
Version 1.0: 2019-12-18 – Initial Release
CA customers may receive product alerts and advisories by
subscribing to Proactive Notifications on the support site.
Customers who require additional information about this notice may
contact CA Technologies Support at https://casupport.broadcom.com/
To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at ca.psirt