Default Privileged Account Vulnerability in the NetApp Service Processor - Lenovo Support NL

Lenovo Security Advisory: LEN-26771

Potential Impact: Privilege escalation

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2019-5490

Summary Description:

Certain versions of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution.

Mitigation Strategy for Customers (what you should do to protect yourself):

NetApp recommends upgrading to the firmware version (or newer) indicated for your model in the Product Impact section below.