← Back

CVE-2019-5490

nvd nist
Published: Mar 21, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.

Affected (42)

Netapp
1 product
Service Processor
Configuration A
1 platform
Running on/withPlatform Versions
Netapp
Clustered Data Ontap
Version 9.5
Configuration B
1 platform
Running on/withPlatform Versions
Netapp
Clustered Data Ontap
Version 9.4
Configuration C
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Netapp
Service Processor
Version 2.8
Service Processor
Version 3.7
Service Processor
Version 4.5
Service Processor
Version 5.5
Running on/withPlatform Versions
Netapp
Clustered Data Ontap
Version 9.3
Configuration D
9 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Netapp
Service Processor
Version 2.5
Service Processor
Version 3.4
Service Processor
Version 3.4 patch1
Service Processor
Version 3.4 patch2
Service Processor
Version 4.2
Service Processor
Version 4.2 patch1
Service Processor
Version 4.2 patch2
Service Processor
Version 5.2
Service Processor
Version 5.2 patch1
Running on/withPlatform Versions
Netapp
Clustered Data Ontap
Version 9.2
Configuration E
18 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Netapp
Service Processor
Version 2.4.1
Service Processor
Version 2.4.1 patch1
Service Processor
Version 3.3
Service Processor
Version 3.3 patch1
Service Processor
Version 3.3 patch2
Service Processor
Version 3.3 patch3
Service Processor
Version 3.3 patch4
Service Processor
Version 4.1
Service Processor
Version 4.1 patch1
Service Processor
Version 4.1 patch2
Service Processor
Version 4.1 patch3
Service Processor
Version 4.1 patch4
Service Processor
Version 4.1 patch5
Service Processor
Version 4.1 patch6
Service Processor
Version 5.1
Service Processor
Version 5.1 patch1
Service Processor
Version 5.1 patch2
Service Processor
Version 5.1 patch3
Running on/withPlatform Versions
Netapp
Clustered Data Ontap
Version 9.1
Configuration F
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Netapp
Service Processor
Version 2.4
Service Processor
Version 3.2
Running on/withPlatform Versions
Netapp
Clustered Data Ontap
Version 9.0
Configuration G
7 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Netapp
Service Processor
Version 2.3.2
Service Processor
Version 2.3.2 patch1
Service Processor
Version 2.3.2 patch2
Service Processor
Version 2.3.2 patch3
Service Processor
Version 3.1.2
Service Processor
Version 3.1.2 patch1
Service Processor
Version 3.1.2 patch2
Running on/withPlatform Versions
Netapp
Clustered Data Ontap
Version 8.3
Configuration H
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Netapp
Service Processor
Version 2.2.5
Service Processor
Version 3.0.4
Running on/withPlatform Versions
Netapp
Clustered Data Ontap
Version 8.2

Related CWEs

CWE-1188
Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (4)

Source: security-alert@netapp.com
Source: security-alert@netapp.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.