CVE-2019-5504

Published: Sep 24, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions.

Affected (2)

Products: Netapp: Ontap Select Deploy Administration Utility

Netapp

1 product

Ontap Select Deploy Administration Utility

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Netapp Ontap Select Deploy Administration Utility	Version 2.12.1
Netapp Ontap Select Deploy Administration Utility	Version 2.12

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://security.netapp.com/advisory/ntap-20190923-0001/

Source: security-alert@netapp.com

PatchVendor Advisory

https://security.netapp.com/advisory/ntap-20190923-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.