← Back

CVE-2020-8573

nvd nist
Published: Jun 29, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value which could allow remote attackers to cause a Denial of Service (DoS).

Affected (1)

Netapp
1 product
Hci H610s Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hci H610s Firmware
All versions
Running on/withPlatform Versions
Netapp
Hci H610s
All versions

Related CWEs

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

Source: security-alert@netapp.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.