Vulnerability CVE-2019-13658


Published: 2019-10-02

Description:
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.

See advisories in our WLB2 database:
Topic
Author
Date
High
CA Network Flow Analysis 9.x / 10.0.x Remote Command Execution
Kevin Kotas
06.10.2019

Type:

CWE-798

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
CA -> Network flow analysis 

 References:
http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2019/Oct/6
https://seclists.org/bugtraq/2019/Oct/4
https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html

Copyright 2020, cxsecurity.com

 

Back to Top