cve-2019-5490
Vulnerability from cvelistv5
Published
2019-03-21 18:25
Modified
2024-08-04 19:54
Severity ?
Summary
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
References
security-alert@netapp.comhttp://support.lenovo.com/us/en/solutions/LEN-26771
security-alert@netapp.comhttps://security.netapp.com/advisory/ntap-20190305-0001/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.lenovo.com/us/en/solutions/LEN-26771
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190305-0001/Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:54:53.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190305-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lenovo.com/us/en/solutions/LEN-26771"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NetApp Service Processor",
          "vendor": "NetApp, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "2.x-5.x - refer to advisory"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Default Configureation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-18T18:06:09",
        "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
        "shortName": "netapp"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190305-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lenovo.com/us/en/solutions/LEN-26771"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@netapp.com",
          "ID": "CVE-2019-5490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NetApp Service Processor",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.x-5.x - refer to advisory"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NetApp, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Default Configureation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.netapp.com/advisory/ntap-20190305-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190305-0001/"
            },
            {
              "name": "http://support.lenovo.com/us/en/solutions/LEN-26771",
              "refsource": "CONFIRM",
              "url": "http://support.lenovo.com/us/en/solutions/LEN-26771"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
    "assignerShortName": "netapp",
    "cveId": "CVE-2019-5490",
    "datePublished": "2019-03-21T18:25:53",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-08-04T19:54:53.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"719C418A-B9BC-4BD5-AC8F-EE82F605A30C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"39F51F1A-3E63-46E1-ADF3-8192221D87B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C902785-AC3D-4221-A4CC-B3FA62856373\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"93D5D337-89D5-49E7-B24E-13770B545B83\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:netapp:clustered_data_ontap:9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"392B4E85-99B9-48A7-B139-F59E32879A8A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"719C418A-B9BC-4BD5-AC8F-EE82F605A30C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"39F51F1A-3E63-46E1-ADF3-8192221D87B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C902785-AC3D-4221-A4CC-B3FA62856373\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"93D5D337-89D5-49E7-B24E-13770B545B83\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:netapp:clustered_data_ontap:9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14E39741-0427-40B6-9A43-B2A20AD24650\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"719C418A-B9BC-4BD5-AC8F-EE82F605A30C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"39F51F1A-3E63-46E1-ADF3-8192221D87B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C902785-AC3D-4221-A4CC-B3FA62856373\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"93D5D337-89D5-49E7-B24E-13770B545B83\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:netapp:clustered_data_ontap:9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"117DCE70-6D53-4CA4-8DFA-987725A5E879\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.5:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6D12CA3-0868-4115-87B1-B4115C94DEBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.4:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9FE6E2C-C949-4BA1-81A0-DC0F7F734EE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.4:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E5A1717-018F-4216-9368-566DFCA12E57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.4:patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A673025-321B-4376-9426-EFC5E8C1E571\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3B387C2-8E99-4ECF-8C13-C299BD06CD2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.2:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"98EDF5B4-E436-4B30-85E8-4B409EB2126E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.2:patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"31150CC3-3FE9-4D09-B202-D3368946000B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:5.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"9732D6A0-E987-470B-B780-9AB96C3C4973\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:5.2:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA0AA984-AAD9-4E73-B02E-A0F887336B09\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:netapp:clustered_data_ontap:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD89FB43-C397-43F4-B157-A8B1B6F9962C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.4.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B21CBF7-E2EF-47F1-AB6B-87D78E285C03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.4.1:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FAA95A7-8A43-48AC-A0E9-DB4A8E9A6C40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.3:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F943157-7946-45B2-B904-6C4587D11A44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.3:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF9D0EAD-18CC-4D4B-9322-93A63ED4C017\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.3:patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"05144BF3-1F80-4C82-9246-B6F7648F6C52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.3:patch3:*:*:*:*:*:*\", \"matchCriteriaId\": \"8989CA8B-6F81-4EBA-BEC7-1D5E5914F3BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.3:patch4:*:*:*:*:*:*\", \"matchCriteriaId\": \"3ACBD45A-47A7-4EA1-972F-DAF4B7710F39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"49193A78-75D1-4F04-A3F3-5ED57ADD65B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.1:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"73E31337-8214-4886-8FBD-036966B5F929\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.1:patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D66219B-9192-49E7-86BB-7DD0F908DB1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.1:patch3:*:*:*:*:*:*\", \"matchCriteriaId\": \"B995E407-5C75-4668-9B6B-829E3E4238B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.1:patch4:*:*:*:*:*:*\", \"matchCriteriaId\": \"46EDDB30-94D7-4113-A5E4-5A3FF982D064\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.1:patch5:*:*:*:*:*:*\", \"matchCriteriaId\": \"572B4890-DD1D-491C-82BB-762379FF7BDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:4.1:patch6:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7646CED-E3BD-4CCB-B39F-0574E8103C9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:5.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"44F7E17E-29FA-4366-A1B4-F357B07035A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:5.1:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"24EB22C5-EDC1-443A-9E2E-7CB2A05FB304\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:5.1:patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8405B058-6A9E-41C1-9544-5540190B5E80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:5.1:patch3:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BB0C569-25AB-4DDE-AB10-98D2C494DCFE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:netapp:clustered_data_ontap:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"092BACC2-3518-4AEC-B07C-26A7765A7934\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.4:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A080A22D-162B-4E53-970C-7EEA96F61CC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DA70C10-F101-41B0-83D6-42ADDE7A9CE6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3ED302E-F464-40DE-A976-FD518E42D95D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.3.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"68C45B4C-3FA2-4597-AF4F-67B22FC0107A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.3.2:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5534859-5691-4042-8B3F-13FFE15C838C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.3.2:patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A490D45E-576E-488A-A82D-23165E6C174E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.3.2:patch3:*:*:*:*:*:*\", \"matchCriteriaId\": \"12E3E966-7A03-4381-802F-C839C0365D4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.1.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"41D5AFD4-2AF8-42A9-A95D-E5EEF8889D67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.1.2:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9C3042F-A4E6-4F5E-AE7F-4AF5880CBF92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.1.2:patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DB3F9A9-E468-457C-AAAF-579069E23500\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:netapp:clustered_data_ontap:8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D440961-4908-444B-987F-5D8A3980C89A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:2.2.5:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E6C7A09-071C-4397-AA71-70CF0C22EE6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:3.0.4:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"033C63E3-58CA-45A1-B279-DD17D52DBFCE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:netapp:clustered_data_ontap:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF8722E3-564A-47CB-95B6-AFA591384504\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.\"}, {\"lang\": \"es\", \"value\": \"Ciertas versiones entre la 2.x y la 5.x (v\\u00e9ase el advisory) del firmware de NetApp Service Processor se distribu\\u00edan con una cuenta por defecto habilitada que podr\\u00eda permitir la ejecuci\\u00f3n no autorizada de comandos arbitrarios. Cualquier plataforma listada en la secci\\u00f3n \\\"impact\\\" del advisory podr\\u00eda haberse visto afectada y debe actualizarse a una versi\\u00f3n solucionada del firmware de Service Processor INMEDIATAMENTE.\"}]",
      "id": "CVE-2019-5490",
      "lastModified": "2024-11-21T04:45:02.493",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-03-21T19:29:00.580",
      "references": "[{\"url\": \"http://support.lenovo.com/us/en/solutions/LEN-26771\", \"source\": \"security-alert@netapp.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190305-0001/\", \"source\": \"security-alert@netapp.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.lenovo.com/us/en/solutions/LEN-26771\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190305-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-alert@netapp.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1188\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5490\",\"sourceIdentifier\":\"security-alert@netapp.com\",\"published\":\"2019-03-21T19:29:00.580\",\"lastModified\":\"2024-11-21T04:45:02.493\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.\"},{\"lang\":\"es\",\"value\":\"Ciertas versiones entre la 2.x y la 5.x (v\u00e9ase el advisory) del firmware de NetApp Service Processor se distribu\u00edan con una cuenta por defecto habilitada que podr\u00eda permitir la ejecuci\u00f3n no autorizada de comandos arbitrarios. Cualquier plataforma listada en la secci\u00f3n \\\"impact\\\" del advisory podr\u00eda haberse visto afectada y debe actualizarse a una versi\u00f3n solucionada del firmware de Service Processor INMEDIATAMENTE.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1188\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"719C418A-B9BC-4BD5-AC8F-EE82F605A30C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F51F1A-3E63-46E1-ADF3-8192221D87B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C902785-AC3D-4221-A4CC-B3FA62856373\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"93D5D337-89D5-49E7-B24E-13770B545B83\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"392B4E85-99B9-48A7-B139-F59E32879A8A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"719C418A-B9BC-4BD5-AC8F-EE82F605A30C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F51F1A-3E63-46E1-ADF3-8192221D87B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C902785-AC3D-4221-A4CC-B3FA62856373\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"93D5D337-89D5-49E7-B24E-13770B545B83\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14E39741-0427-40B6-9A43-B2A20AD24650\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"719C418A-B9BC-4BD5-AC8F-EE82F605A30C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F51F1A-3E63-46E1-ADF3-8192221D87B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C902785-AC3D-4221-A4CC-B3FA62856373\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"93D5D337-89D5-49E7-B24E-13770B545B83\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"117DCE70-6D53-4CA4-8DFA-987725A5E879\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6D12CA3-0868-4115-87B1-B4115C94DEBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9FE6E2C-C949-4BA1-81A0-DC0F7F734EE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.4:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E5A1717-018F-4216-9368-566DFCA12E57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.4:patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A673025-321B-4376-9426-EFC5E8C1E571\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3B387C2-8E99-4ECF-8C13-C299BD06CD2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.2:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"98EDF5B4-E436-4B30-85E8-4B409EB2126E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.2:patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"31150CC3-3FE9-4D09-B202-D3368946000B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:5.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9732D6A0-E987-470B-B780-9AB96C3C4973\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:5.2:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA0AA984-AAD9-4E73-B02E-A0F887336B09\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD89FB43-C397-43F4-B157-A8B1B6F9962C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.4.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B21CBF7-E2EF-47F1-AB6B-87D78E285C03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.4.1:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FAA95A7-8A43-48AC-A0E9-DB4A8E9A6C40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F943157-7946-45B2-B904-6C4587D11A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.3:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF9D0EAD-18CC-4D4B-9322-93A63ED4C017\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.3:patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"05144BF3-1F80-4C82-9246-B6F7648F6C52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.3:patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8989CA8B-6F81-4EBA-BEC7-1D5E5914F3BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.3:patch4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ACBD45A-47A7-4EA1-972F-DAF4B7710F39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"49193A78-75D1-4F04-A3F3-5ED57ADD65B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.1:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"73E31337-8214-4886-8FBD-036966B5F929\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.1:patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D66219B-9192-49E7-86BB-7DD0F908DB1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.1:patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B995E407-5C75-4668-9B6B-829E3E4238B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.1:patch4:*:*:*:*:*:*\",\"matchCriteriaId\":\"46EDDB30-94D7-4113-A5E4-5A3FF982D064\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.1:patch5:*:*:*:*:*:*\",\"matchCriteriaId\":\"572B4890-DD1D-491C-82BB-762379FF7BDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:4.1:patch6:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7646CED-E3BD-4CCB-B39F-0574E8103C9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:5.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"44F7E17E-29FA-4366-A1B4-F357B07035A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:5.1:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"24EB22C5-EDC1-443A-9E2E-7CB2A05FB304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:5.1:patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8405B058-6A9E-41C1-9544-5540190B5E80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:5.1:patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BB0C569-25AB-4DDE-AB10-98D2C494DCFE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"092BACC2-3518-4AEC-B07C-26A7765A7934\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A080A22D-162B-4E53-970C-7EEA96F61CC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DA70C10-F101-41B0-83D6-42ADDE7A9CE6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3ED302E-F464-40DE-A976-FD518E42D95D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.3.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"68C45B4C-3FA2-4597-AF4F-67B22FC0107A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.3.2:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5534859-5691-4042-8B3F-13FFE15C838C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.3.2:patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A490D45E-576E-488A-A82D-23165E6C174E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.3.2:patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"12E3E966-7A03-4381-802F-C839C0365D4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"41D5AFD4-2AF8-42A9-A95D-E5EEF8889D67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.1.2:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9C3042F-A4E6-4F5E-AE7F-4AF5880CBF92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.1.2:patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DB3F9A9-E468-457C-AAAF-579069E23500\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D440961-4908-444B-987F-5D8A3980C89A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:2.2.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E6C7A09-071C-4397-AA71-70CF0C22EE6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:3.0.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"033C63E3-58CA-45A1-B279-DD17D52DBFCE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF8722E3-564A-47CB-95B6-AFA591384504\"}]}]}],\"references\":[{\"url\":\"http://support.lenovo.com/us/en/solutions/LEN-26771\",\"source\":\"security-alert@netapp.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190305-0001/\",\"source\":\"security-alert@netapp.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.lenovo.com/us/en/solutions/LEN-26771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190305-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.