NetApp: FAS 8300/8700 & AFF A400 BMC Security Advisory - US

Lenovo Security Advisory: LEN-30687

Potential Impact: Unauthorized arbitrary command execution

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2019-17274

Summary Description:

NetApp reported a vulnerability in FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 that may allow unauthorized arbitrary command execution via local access.

Mitigation Strategy for Customers (what you should do to protect yourself):

NetApp recommends updating to the appropriate FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware version for your product as indicated in the Product Impact section below.