Lucene search

[email protected]CVE-2019-5490

HistoryMar 21, 2019 - 7:29 p.m.

CVE-2019-5490

2019-03-2119:29:00

CWE-1188

[email protected]

web.nvd.nist.gov

netapp

service processor

firmware

default account

unauthorized access

command execution

security vulnerability

cve-2019-5490

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.9%

JSON

Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.

Affected configurations

NVD

Node

netappservice_processorMatch2.8-

netappservice_processorMatch3.7-

netappservice_processorMatch4.5-

netappservice_processorMatch5.5-

AND

netappclustered_data_ontapMatch9.5

Node

netappservice_processorMatch2.8-

netappservice_processorMatch3.7-

netappservice_processorMatch4.5-

netappservice_processorMatch5.5-

AND

netappclustered_data_ontapMatch9.4

Node

netappservice_processorMatch2.8-

netappservice_processorMatch3.7-

netappservice_processorMatch4.5-

netappservice_processorMatch5.5-

AND

netappclustered_data_ontapMatch9.3

Node

netappservice_processorMatch2.5-

netappservice_processorMatch3.4-

netappservice_processorMatch3.4patch1

netappservice_processorMatch3.4patch2

netappservice_processorMatch4.2-

netappservice_processorMatch4.2patch1

netappservice_processorMatch4.2patch2

netappservice_processorMatch5.2-

netappservice_processorMatch5.2patch1

AND

netappclustered_data_ontapMatch9.2

Node

netappservice_processorMatch2.4.1-

netappservice_processorMatch2.4.1patch1

netappservice_processorMatch3.3-

netappservice_processorMatch3.3patch1

netappservice_processorMatch3.3patch2

netappservice_processorMatch3.3patch3

netappservice_processorMatch3.3patch4

netappservice_processorMatch4.1-

netappservice_processorMatch4.1patch1

netappservice_processorMatch4.1patch2

netappservice_processorMatch4.1patch3

netappservice_processorMatch4.1patch4

netappservice_processorMatch4.1patch5

netappservice_processorMatch4.1patch6

netappservice_processorMatch5.1-

netappservice_processorMatch5.1patch1

netappservice_processorMatch5.1patch2

netappservice_processorMatch5.1patch3

AND

netappclustered_data_ontapMatch9.1

Node

netappservice_processorMatch2.4-

netappservice_processorMatch3.2-

AND

netappclustered_data_ontapMatch9.0

Node

netappservice_processorMatch2.3.2-

netappservice_processorMatch2.3.2patch1

netappservice_processorMatch2.3.2patch2

netappservice_processorMatch2.3.2patch3

netappservice_processorMatch3.1.2-

netappservice_processorMatch3.1.2patch1

netappservice_processorMatch3.1.2patch2

AND

netappclustered_data_ontapMatch8.3

Node

netappservice_processorMatch2.2.5-

netappservice_processorMatch3.0.4-

AND

netappclustered_data_ontapMatch8.2

CPENameOperatorVersion
netapp:service_processornetapp service processoreq2.8
netapp:service_processornetapp service processoreq3.7
netapp:service_processornetapp service processoreq4.5
netapp:service_processornetapp service processoreq5.5

CPE	Name	Operator	Version
netapp:service_processor	netapp service processor	eq	2.8
netapp:service_processor	netapp service processor	eq	3.7
netapp:service_processor	netapp service processor	eq	4.5
netapp:service_processor	netapp service processor	eq	5.5

CNA Affected

[
  {
    "product": "NetApp Service Processor",
    "vendor": "NetApp, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "2.x-5.x - refer to advisory"
      }
    ]
  }
]

References

support.lenovo.com/us/en/solutions/LEN-26771

security.netapp.com/advisory/ntap-20190305-0001/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2019-5490

lenovo2 prion1 cvelist1 nvd1