Vulnerabilities > CVE-2019-17274 - Insecure Default Initialization of Resource vulnerability in Netapp products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

netapp

CWE-1188

NVD

Published: 2020-02-26

Updated: 2020-08-24

Summary

NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.

Vulnerable Configurations

Part	Description	Count
OS	Netapp Netapp Fabric Attached Storage 8700 Firmware - Netapp Fabric Attached Storage 8300 Firmware - Netapp ALL Flash Fabric Attached Storage A400 Firmware -	3
Hardware	Netapp Netapp Fabric Attached Storage 8700 - Netapp Fabric Attached Storage 8300 - Netapp ALL Flash Fabric Attached Storage A400 -	3

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://security.netapp.com/advisory/ntap-20200226-0001/