CVE-2018-5490

Published: Aug 3, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.

Affected (1)

Products: Netapp: Clustered Data Ontap

1 product

Clustered Data Ontap

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	Before 8.3

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://security.netapp.com/advisory/ntap-20150324-0001/

Source: security-alert@netapp.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20150324-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.