VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 18, 2018· Updated Sep 16, 2024

CVE-2018-9023

CVE-2018-9023

Description

An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An input validation flaw in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands and gain root privileges via the update_crld script.

Vulnerability

An input validation vulnerability exists in the update_crld script of CA Privileged Access Manager 2.x. Unprivileged users can pass specially crafted arguments to this script, leading to arbitrary command execution. The affected versions are all versions in the 2.x branch [1].

Exploitation

An attacker with local unprivileged access to the system can exploit this vulnerability by invoking the update_crld script with crafted arguments. No authentication beyond the unprivileged user account is required, and no user interaction is needed [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands with root privileges, resulting in full compromise of the affected system [1].

Mitigation

CA Technologies has released a security notice for this issue, but specific patched versions are not detailed in the available reference. Users should contact CA Technologies support or consult the security notice for remediation guidance [1].

References
  1. Support Content Notification - Support Portal - Broadcom support portal

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.