CVE-2019-5506

Published: Oct 9, 2019Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.

Affected (4)

Products: Netapp: Clustered Data Ontap

Netapp

1 product

Clustered Data Ontap

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	From 9.0 to 9.6
Netapp Clustered Data Ontap	Version 9.6 p1
Netapp Clustered Data Ontap	Version 9.6 p2
Netapp Clustered Data Ontap	Version 9.6 p3

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://security.netapp.com/advisory/ntap-20191009-0003/

Source: security-alert@netapp.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20191009-0003/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.