FKIE_CVE-2019-5490
Vulnerability from fkie_nvd - Published: 2019-03-21 19:29 - Updated: 2024-11-21 04:45
Severity ?
Summary
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "392B4E85-99B9-48A7-B139-F59E32879A8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "14E39741-0427-40B6-9A43-B2A20AD24650",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "117DCE70-6D53-4CA4-8DFA-987725A5E879",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.5:-:*:*:*:*:*:*",
"matchCriteriaId": "E6D12CA3-0868-4115-87B1-B4115C94DEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "E9FE6E2C-C949-4BA1-81A0-DC0F7F734EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.4:patch1:*:*:*:*:*:*",
"matchCriteriaId": "5E5A1717-018F-4216-9368-566DFCA12E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.4:patch2:*:*:*:*:*:*",
"matchCriteriaId": "8A673025-321B-4376-9426-EFC5E8C1E571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.2:-:*:*:*:*:*:*",
"matchCriteriaId": "B3B387C2-8E99-4ECF-8C13-C299BD06CD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "98EDF5B4-E436-4B30-85E8-4B409EB2126E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.2:patch2:*:*:*:*:*:*",
"matchCriteriaId": "31150CC3-3FE9-4D09-B202-D3368946000B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.2:-:*:*:*:*:*:*",
"matchCriteriaId": "9732D6A0-E987-470B-B780-9AB96C3C4973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "BA0AA984-AAD9-4E73-B02E-A0F887336B09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD89FB43-C397-43F4-B157-A8B1B6F9962C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8B21CBF7-E2EF-47F1-AB6B-87D78E285C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.4.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8FAA95A7-8A43-48AC-A0E9-DB4A8E9A6C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "7F943157-7946-45B2-B904-6C4587D11A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch1:*:*:*:*:*:*",
"matchCriteriaId": "CF9D0EAD-18CC-4D4B-9322-93A63ED4C017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch2:*:*:*:*:*:*",
"matchCriteriaId": "05144BF3-1F80-4C82-9246-B6F7648F6C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch3:*:*:*:*:*:*",
"matchCriteriaId": "8989CA8B-6F81-4EBA-BEC7-1D5E5914F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch4:*:*:*:*:*:*",
"matchCriteriaId": "3ACBD45A-47A7-4EA1-972F-DAF4B7710F39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "49193A78-75D1-4F04-A3F3-5ED57ADD65B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "73E31337-8214-4886-8FBD-036966B5F929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch2:*:*:*:*:*:*",
"matchCriteriaId": "0D66219B-9192-49E7-86BB-7DD0F908DB1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "B995E407-5C75-4668-9B6B-829E3E4238B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch4:*:*:*:*:*:*",
"matchCriteriaId": "46EDDB30-94D7-4113-A5E4-5A3FF982D064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch5:*:*:*:*:*:*",
"matchCriteriaId": "572B4890-DD1D-491C-82BB-762379FF7BDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch6:*:*:*:*:*:*",
"matchCriteriaId": "B7646CED-E3BD-4CCB-B39F-0574E8103C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "44F7E17E-29FA-4366-A1B4-F357B07035A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "24EB22C5-EDC1-443A-9E2E-7CB2A05FB304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch2:*:*:*:*:*:*",
"matchCriteriaId": "8405B058-6A9E-41C1-9544-5540190B5E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "9BB0C569-25AB-4DDE-AB10-98D2C494DCFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "092BACC2-3518-4AEC-B07C-26A7765A7934",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.4:-:*:*:*:*:*:*",
"matchCriteriaId": "A080A22D-162B-4E53-970C-7EEA96F61CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "4DA70C10-F101-41B0-83D6-42ADDE7A9CE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3ED302E-F464-40DE-A976-FD518E42D95D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "68C45B4C-3FA2-4597-AF4F-67B22FC0107A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "F5534859-5691-4042-8B3F-13FFE15C838C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch2:*:*:*:*:*:*",
"matchCriteriaId": "A490D45E-576E-488A-A82D-23165E6C174E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch3:*:*:*:*:*:*",
"matchCriteriaId": "12E3E966-7A03-4381-802F-C839C0365D4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "41D5AFD4-2AF8-42A9-A95D-E5EEF8889D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A9C3042F-A4E6-4F5E-AE7F-4AF5880CBF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:patch2:*:*:*:*:*:*",
"matchCriteriaId": "1DB3F9A9-E468-457C-AAAF-579069E23500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D440961-4908-444B-987F-5D8A3980C89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.2.5:-:*:*:*:*:*:*",
"matchCriteriaId": "4E6C7A09-071C-4397-AA71-70CF0C22EE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.0.4:-:*:*:*:*:*:*",
"matchCriteriaId": "033C63E3-58CA-45A1-B279-DD17D52DBFCE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF8722E3-564A-47CB-95B6-AFA591384504",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY."
},
{
"lang": "es",
"value": "Ciertas versiones entre la 2.x y la 5.x (v\u00e9ase el advisory) del firmware de NetApp Service Processor se distribu\u00edan con una cuenta por defecto habilitada que podr\u00eda permitir la ejecuci\u00f3n no autorizada de comandos arbitrarios. Cualquier plataforma listada en la secci\u00f3n \"impact\" del advisory podr\u00eda haberse visto afectada y debe actualizarse a una versi\u00f3n solucionada del firmware de Service Processor INMEDIATAMENTE."
}
],
"id": "CVE-2019-5490",
"lastModified": "2024-11-21T04:45:02.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T19:29:00.580",
"references": [
{
"source": "security-alert@netapp.com",
"url": "http://support.lenovo.com/us/en/solutions/LEN-26771"
},
{
"source": "security-alert@netapp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190305-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.lenovo.com/us/en/solutions/LEN-26771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190305-0001/"
}
],
"sourceIdentifier": "security-alert@netapp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…