Vulnerability CVE-2019-5490


Published: 2019-03-21   Modified: 2019-03-22

Description:
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Netapp -> Service processor 

 References:
http://support.lenovo.com/us/en/solutions/LEN-26771
https://security.netapp.com/advisory/ntap-20190305-0001/

Copyright 2022, cxsecurity.com

 

Back to Top