CVE-2019-13657

CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
caCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
broadcomca_performance_management
3.6.0 ≤
𝑥
< 3.6.9
broadcomca_performance_management
3.7.0 ≤
𝑥
< 3.7.4
broadcomca_performance_management
3.5.0
broadcomnetwork_operations
𝑥
≤ 19.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html
http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html
http://seclists.org/fulldisclosure/2019/Oct/37
https://seclists.org/bugtraq/2019/Oct/26
https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html
http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html
http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html
http://seclists.org/fulldisclosure/2019/Oct/37
https://seclists.org/bugtraq/2019/Oct/26
https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html