Security Advisory

CVE-2024-38499

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-17 05:43:00

Last updated 2024-12-19 06:03:39

Assigner symantec

State PUBLISHED

Description

CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesnt allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands.

← Browse all CVEs View on cve.org ↗