CVE-2019-13658 - OpenCVE

CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Network Flow Analysis

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:network_flow_analysis::::::::
	cpe:2.3:a:broadcom:network_flow_analysis:10.0.0:::::::*

References

Link	Resource
http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html	Third Party Advisory
http://seclists.org/fulldisclosure/2019/Oct/6	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Oct/4	Mailing List Third Party Advisory
https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ca

Published: 2019-10-01T00:00:00

Updated: 2019-10-05T15:06:04

Reserved: 2019-07-18T00:00:00

Link: CVE-2019-13658

JSON object: View

NVD Information

Status : Modified

Published: 2019-10-02T17:15:11.967

Modified: 2021-04-09T17:43:38.720

Link: CVE-2019-13658

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"containers": {"cna": {"affected": [{"product": "CA Network Flow Analysis", "vendor": "CA Technologies, a Broadcom Company", "versions": [{"status": "affected", "version": "9.x"}]}, {"product": "CA Network Flow Analysis", "vendor": "CA Technologies, a Broadcom Company", "versions": [{"status": "affected", "version": "10.0.x"}]}], "datePublic": "2019-10-01T00:00:00", "descriptions": [{"lang": "en", "value": "CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-05T15:06:04", "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f", "shortName": "ca"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"}, {"name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Oct/6"}, {"name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Oct/4"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@ca.com", "DATE_PUBLIC": "2019-10-01T04:00:00.000Z", "ID": "CVE-2019-13658", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CA Network Flow Analysis", "version": {"version_data": [{"version_affected": "=", "version_name": "9", "version_value": "9.x"}]}}]}, "vendor_name": "CA Technologies, a Broadcom Company"}, {"product": {"product_data": [{"product_name": "CA Network Flow Analysis", "version": {"version_data": [{"version_affected": "=", "version_name": "10", "version_value": "10.0.x"}]}}]}, "vendor_name": "CA Technologies, a Broadcom Company"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."}]}, "generator": {"engine": "Vulnogram 0.0.8"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-798 Use of Hard-coded Credentials"}]}]}, "references": {"reference_data": [{"name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html", "refsource": "MISC", "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"}, {"name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Oct/6"}, {"name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Oct/4"}, {"name": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f", "assignerShortName": "ca", "cveId": "CVE-2019-13658", "datePublished": "2019-10-01T00:00:00", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2019-10-05T15:06:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:network_flow_analysis:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A66FBB9-6823-4620-B59E-D26A76A7E6C3", "versionEndIncluding": "9.5.0", "versionStartIncluding": "9.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:network_flow_analysis:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE63BC63-51B0-491D-9045-8839EDB4932B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."}, {"lang": "es", "value": "CA Network Flow Analysis versiones 9.x y 10.0.x, presenta una vulnerabilidad de credencial predeterminada que puede permitir a un atacante remoto ejecutar comandos arbitrarios y comprometer la seguridad del sistema."}], "id": "CVE-2019-13658", "lastModified": "2021-04-09T17:43:38.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "vuln@ca.com", "type": "Secondary"}]}, "published": "2019-10-02T17:15:11.967", "references": [{"source": "vuln@ca.com", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"}, {"source": "vuln@ca.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Oct/6"}, {"source": "vuln@ca.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Oct/4"}, {"source": "vuln@ca.com", "tags": ["Third Party Advisory"], "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"}], "sourceIdentifier": "vuln@ca.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "vuln@ca.com", "type": "Secondary"}]}