CVE-2019-13657

9.8 CRITICAL

📋 TL;DR

CVE-2019-13657 is a critical vulnerability in CA Performance Management software where default credentials allow remote attackers to execute arbitrary commands on affected systems. This affects CA Performance Management versions 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4. Attackers can compromise system security and gain full control of vulnerable installations.

💻 Affected Systems

Products:
  • CA Performance Management
Versions: 3.5.x, 3.6.x before 3.6.9, 3.7.x before 3.7.4
Operating Systems: All supported platforms for CA Performance Management
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable unless credentials have been changed from defaults.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining root/administrator access, deploying ransomware, stealing sensitive data, and pivoting to other network systems.

🟠 Likely Case

Remote code execution leading to data theft, installation of backdoors, and disruption of performance monitoring services.

🟢 If Mitigated

Limited impact if systems are isolated, monitored, and have network access controls preventing external exploitation.

🌐 Internet-Facing: HIGH - Default credentials allow unauthenticated remote attackers to execute arbitrary commands without any user interaction.
🏢 Internal Only: HIGH - Even internally, any user on the network could exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available on Packet Storm and other security sites. Attack requires no authentication and uses default credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.9 for 3.6.x branch, 3.7.4 for 3.7.x branch

Vendor Advisory: https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html

Restart Required: Yes

Instructions:

1. Download appropriate patch from Broadcom support portal.
2. Backup current installation.
3. Apply patch following vendor instructions.
4. Restart CA Performance Management services.
5. Verify patch installation and change default credentials.

🔧 Temporary Workarounds

Change Default Credentials

all

Immediately change all default credentials for CA Performance Management installation

# Use CA Performance Management admin interface to change credentials
# No single command - use web interface or configuration tools

Network Isolation

all

Restrict network access to CA Performance Management to only trusted administrative networks

# Example firewall rule (Linux iptables):
iptables -A INPUT -p tcp --dport [CA_PM_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [CA_PM_PORT] -j DROP

🧯 If You Can't Patch

  • Immediately change all default credentials and implement strong password policies
  • Isolate vulnerable systems from internet and restrict internal network access using firewalls

🔍 How to Verify

Check if Vulnerable:

Check CA Performance Management version via admin interface or configuration files. Versions 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 are vulnerable.

Check Version:

# Check version via admin interface or configuration files
# Exact command depends on installation method and platform

Verify Fix Applied:

Verify version is 3.6.9 or higher for 3.6.x branch, or 3.7.4 or higher for 3.7.x branch. Test that default credentials no longer work.
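The version check described above can be run across an inventory. The following is an added example, not vendor or project code: it classifies version strings against the affected ranges stated on this page, and the inventory format, hostnames and status names are assumptions made for illustration.

```python
import re

# Affected ranges as stated in this advisory: branch -> first fixed patch level.
# None means the advisory lists no fixed release for that branch (3.5.x).
FIXED_IN = {(3, 5): None, (3, 6): 9, (3, 7): 4}
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[.\-].*)?$")


def classify(version):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparsed'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"
    branch = (int(m.group(1)), int(m.group(2)))
    if branch not in FIXED_IN:
        return "not-listed"  # branch not mentioned in the advisory
    fixed = FIXED_IN[branch]
    # No fixed release, or no patch level to compare: assume vulnerable.
    if fixed is None or m.group(3) is None:
        return "vulnerable"
    # Compare numerically so that 3.7.10 sorts after 3.7.4.
    return "fixed" if int(m.group(3)) >= fixed else "vulnerable"


def audit(inventory):
    """Map each 'host version' line to a status; blank and '#' lines are skipped."""
    results = {}
    for line in inventory.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        results[parts[0]] = classify(parts[1] if len(parts) > 1 else "")
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """\
capm-01  3.5.2
capm-02  3.6.8.1
capm-03  3.6.9
capm-04  3.7.10
capm-05  3.7.3
capm-06  3.2.0
capm-07  unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:8} {status}")
```

A "fixed" result covers only the version half of the check; the test that default credentials no longer work still has to be done on each host.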

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts with default usernames
  • Unusual command execution patterns
  • Multiple login attempts from single source

Network Indicators:

  • Unusual outbound connections from CA Performance Management server
  • Traffic to known malicious IPs
  • Unexpected port scanning from the server

SIEM Query:

source="CA_Performance_Management" AND event_type="authentication_failure" AND (user="admin" OR user="administrator")
