Vulnerability CVE-2019-13658

Vulnerability CVE-2019-13658

Published: 2019-10-02

Description:

CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.

See advisories in our WLB2 database:

	Topic	Author	Date
High	CA Network Flow Analysis 9.x / 10.0.x Remote Command Execution	Kevin Kotas	06.10.2019

Type:

CWE-798

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
CA -> Network flow analysis

References:

http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html

http://seclists.org/fulldisclosure/2019/Oct/6

https://seclists.org/bugtraq/2019/Oct/4

https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html

Vulnerability CVE-2019-13658

CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.

See advisories in our WLB2 database:

High

CA Network Flow Analysis 9.x / 10.0.x Remote Command Execution

CWE-798

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

7.5/10

6.4/10

10/10

Remote

Low

No required

Partial

Partial

Partial

Affected software

References: