var-201903-0170
Vulnerability from variot
Certain versions from 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.

NetApp Service Processor firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS).

NetApp Service Processor is a remote management device from NetApp Corporation of the United States. The product provides node remote management capabilities, including console redirection, logging and power control. An attacker could exploit this vulnerability to execute arbitrary commands.

This issue affects the following products and versions:
- NetApp Service Processor versions 2.8, 3.7, 4.5, and 5.5 running on Clustered Data ONTAP 9.5, 9.4 and 9.3
- NetApp Service Processor versions 2.5, 3.4, 3.4 patch1, 3.4 patch2, 4.2, 5.2, 4.2 patch1, 4.2 patch2, 5.2, and 5.2 patch1 running on Clustered Data ONTAP 9.2
- NetApp Service Processor versions 2.4.1, 2.4.1 patch1, 3.3, 3.3 patch1, 3.3 patch2, 3.3 patch3, 3.3 patch4, 4.1, 4.1 patch1, 4.1 patch2, 4.1 patch3, 4.1 patch4, 4.1 patch4, 4.1 patch5, 4.1 patch6, 5.1, 5.1 patch1, 5.1 patch2, and 5.1 patch3 running on Clustered Data ONTAP 9.1
- NetApp Service Processor versions 2.4 and 3.2 running on Clustered Data ONTAP 9.0
- NetApp Service Processor versions 2.3.2, 2.3.2 patch1, 2.3.2 patch2, 2.3.2 patch3, 3.1.2, 3.1.2 patch1, and 3.1.2 patch2 running on Clustered Data ONTAP 8.3
- NetApp Service Processor versions 2.5, and 3.0.4 running on Clustered Data ONTAP 8.2
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0170", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "3.1.2" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "3.0.4" }, { "model": "service processor", "scope": "eq", "trust": 1.3, 
"vendor": "netapp", "version": "2.4.1" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "2.3.2" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "2.2.5" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "5.5" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "5.2" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "5.1" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "4.5" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "4.2" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "4.1" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "3.7" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "3.4" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "3.3" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "3.2" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "2.8" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "2.5" }, { "model": "service processor", "scope": "eq", "trust": 1.3, "vendor": "netapp", "version": "2.4" }, { "model": "service processor", "scope": "eq", "trust": 0.8, "vendor": "netapp", "version": "2.x to 5.x" }, { "model": "service processor", "scope": "eq", "trust": 0.6, "vendor": "netapp", "version": "5.*" }, { "model": "service processor", "scope": "eq", "trust": 0.6, "vendor": "netapp", "version": "4.*" }, { "model": "service processor", "scope": "eq", "trust": 0.6, "vendor": "netapp", "version": "3.*" }, { "model": "service 
processor", "scope": "eq", "trust": 0.6, "vendor": "netapp", "version": "2.*" }, { "model": "service processor patch2", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "3.1.2" }, { "model": "service processor patch1", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "3.1.2" }, { "model": "service processor patch1", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "2.4.1" }, { "model": "service processor patch3", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "2.3.2" }, { "model": "service processor patch2", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "2.3.2" }, { "model": "service processor patch1", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "2.3.2" }, { "model": "service processor patch1", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "5.2" }, { "model": "service processor patch3", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "5.1" }, { "model": "service processor patch2", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "5.1" }, { "model": "service processor patch1", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "5.1" }, { "model": "service processor patch2", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "4.2" }, { "model": "service processor patch1", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "4.2" }, { "model": "service processor patch6", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "4.1" }, { "model": "service processor patch5", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "4.1" }, { "model": "service processor patch4", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "4.1" }, { "model": "service processor patch3", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "4.1" }, { "model": "service processor patch2", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "4.1" }, { "model": "service processor patch1", "scope": "eq", "trust": 0.3, 
"vendor": "netapp", "version": "4.1" }, { "model": "service processor patch2", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "3.4" }, { "model": "service processor patch1", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "3.4" }, { "model": "service processor patch4", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "3.3" }, { "model": "service processor patch3", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "3.3" }, { "model": "service processor patch2", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "3.3" }, { "model": "service processor patch1", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "3.3" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "9.5" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "9.4" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "9.3" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "9.2" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "9.1" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "9.0" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "8.3" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "8.2" }, { "model": "service processor patch1", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "5.5" }, { "model": "service processor patch2", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "5.2" }, { "model": "service processor patch4", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "5.1" }, { "model": "service processor patch1", 
"scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "4.5" }, { "model": "service processor patch3", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "4.2" }, { "model": "service processor patch7", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "4.1" }, { "model": "service processor patch1", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "3.7" }, { "model": "service processor patch3", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "3.4" }, { "model": "service processor patch5", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "3.3" }, { "model": "service processor patch1", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "3.2" }, { "model": "service processor patch3", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "3.1.2" }, { "model": "service processor patch1", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "2.8" }, { "model": "service processor patch1", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "2.5" }, { "model": "service processor patch2", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "2.4.1" }, { "model": "service processor patch1", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "2.4" }, { "model": "service processor patch4", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "2.3.2" }, { "model": "service processor patch1", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": "2.2.5" }, { "model": "clustered data ontap 9.5p1", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": null }, { "model": "clustered data ontap 9.4p6", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": null }, { "model": "clustered data ontap 9.3p11", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": null }, { "model": "clustered data ontap 9.1p17", "scope": "ne", "trust": 0.3, "vendor": "netapp", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-15079" }, { "db": "BID", "id": 
"107896" }, { "db": "JVNDB", "id": "JVNDB-2019-003213" }, { "db": "NVD", "id": "CVE-2019-5490" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:5.2:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:5.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:4.2:patch2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:4.2:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:4.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.4:patch2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.4:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:4.1:patch5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:netapp:service_processor:4.1:patch4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.3:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.3:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:5.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:4.1:patch6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.3:patch4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.3:patch3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.3:patch2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:5.1:patch3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:4.1:patch3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:4.1:patch2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.4.1:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.4.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:5.1:patch2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:5.1:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:4.1:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:4.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:o:netapp:clustered_data_ontap:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.1.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.3.2:patch3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.1.2:patch2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.1.2:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.3.2:patch2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.3.2:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.3.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:3.0.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:2.2.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], 
"operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-5490" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "107896" } ], "trust": 0.3 }, "cve": "CVE-2019-5490", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, 
"confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2019-5490", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2019-15079", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-5490", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-5490", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2019-15079", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201903-293", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2019-5490", "trust": 0.1, "value": "HIGH" } ] 
} ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-15079" }, { "db": "VULMON", "id": "CVE-2019-5490" }, { "db": "JVNDB", "id": "JVNDB-2019-003213" }, { "db": "NVD", "id": "CVE-2019-5490" }, { "db": "CNNVD", "id": "CNNVD-201903-293" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. NetApp Service Processor Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NetAppServiceProcessor is a remote management device from NetApp Corporation of the United States. The product provides node remote management capabilities, including console redirection, logging and power control. An attacker could exploit this vulnerability to execute arbitrary commands. 
\nThis issue affects the following products and versions:\nNetApp Service Processor versions 2.8, 3.7, 4.5, and 5.5 running on Clustered Data ONTAP 9.5, 9.4 and 9.3\nNetApp Service Processor versions 2.5, 3.4, 3.4 patch1, 3.4 patch2, 4.2, 5.2, 4.2 patch1, 4.2 patch2, 5.2, and 5.2 patch1 running on Clustered Data ONTAP 9.2\nNetApp Service Processor versions 2.4.1, 2.4.1 patch1, 3.3, 3.3 patch1, 3.3 patch2, 3.3 patch3, 3.3 patch4, 4.1,4.1 patch1, 4.1 patch2, 4.1 patch3, 4.1 patch4, 4.1 patch4, 4.1 patch5, 4.1 patch6, 5.1, 5.1 patch1, 5.1 patch2, and 5.1 patch3 running on Clustered Data ONTAP 9.1\nNetApp Service Processor versions 2.4 and 3.2 running on Clustered Data ONTAP 9.0\nNetApp Service Processor versions 2.3.2, 2.3.2 patch1, 2.3.2 patch2, 2.3.2 patch3, 3.1.2, 3.1.2 patch1, and 3.1.2 patch2 running on Clustered Data ONTAP 8.3\nNetApp Service Processor versions 2.5, and 3.0.4 running on Clustered Data ONTAP 8.2", "sources": [ { "db": "NVD", "id": "CVE-2019-5490" }, { "db": "JVNDB", "id": "JVNDB-2019-003213" }, { "db": "CNVD", "id": "CNVD-2019-15079" }, { "db": "BID", "id": "107896" }, { "db": "VULMON", "id": "CVE-2019-5490" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-5490", "trust": 3.4 }, { "db": "LENOVO", "id": "LEN-26771", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2019-003213", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2019-15079", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201903-293", "trust": 0.6 }, { "db": "BID", "id": "107896", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2019-5490", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-15079" }, { "db": "VULMON", "id": "CVE-2019-5490" }, { "db": "BID", "id": "107896" }, { "db": "JVNDB", "id": "JVNDB-2019-003213" }, { "db": "NVD", "id": 
"CVE-2019-5490" }, { "db": "CNNVD", "id": "CNNVD-201903-293" } ] }, "id": "VAR-201903-0170", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-15079" } ], "trust": 0.85113124 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-15079" } ] }, "last_update_date": "2023-12-18T13:13:30.448000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTAP-20190305-0001", "trust": 0.8, "url": "https://security.netapp.com/advisory/ntap-20190305-0001/" }, { "title": "Patch for NetAppServiceProcessor permission and access control issue vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/161977" }, { "title": "NetApp Service Processor Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89923" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-15079" }, { "db": "JVNDB", "id": "JVNDB-2019-003213" }, { "db": "CNNVD", "id": "CNNVD-201903-293" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1188", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003213" }, { "db": "NVD", "id": "CVE-2019-5490" 
} ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://security.netapp.com/advisory/ntap-20190305-0001/" }, { "trust": 1.7, "url": "http://support.lenovo.com/us/en/solutions/len-26771" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5490" }, { "trust": 1.2, "url": "https://vigilance.fr/vulnerability/netapp-data-ontap-code-execution-via-netapp-service-processor-privileged-account-28695" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5490" }, { "trust": 0.3, "url": "http://www.netapp.com/us/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/1188.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-15079" }, { "db": "VULMON", "id": "CVE-2019-5490" }, { "db": "BID", "id": "107896" }, { "db": "JVNDB", "id": "JVNDB-2019-003213" }, { "db": "NVD", "id": "CVE-2019-5490" }, { "db": "CNNVD", "id": "CNNVD-201903-293" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-15079" }, { "db": "VULMON", "id": "CVE-2019-5490" }, { "db": "BID", "id": "107896" }, { "db": "JVNDB", "id": "JVNDB-2019-003213" }, { "db": "NVD", "id": "CVE-2019-5490" }, { "db": "CNNVD", "id": "CNNVD-201903-293" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-22T00:00:00", "db": "CNVD", "id": "CNVD-2019-15079" }, { "date": "2019-03-21T00:00:00", "db": "VULMON", "id": "CVE-2019-5490" }, { "date": "2019-03-05T00:00:00", "db": "BID", "id": "107896" }, { "date": "2019-05-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003213" }, { "date": 
"2019-03-21T19:29:00.580000", "db": "NVD", "id": "CVE-2019-5490" }, { "date": "2019-03-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201903-293" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-22T00:00:00", "db": "CNVD", "id": "CNVD-2019-15079" }, { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2019-5490" }, { "date": "2019-03-05T00:00:00", "db": "BID", "id": "107896" }, { "date": "2019-05-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003213" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2019-5490" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201903-293" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201903-293" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NetApp Service Processor Firmware vulnerabilities related to authorization, authority, and access control", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003213" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201903-293" } ], "trust": 0.6 } }