Vulnerabilities > CVE-2019-17274 - Insecure Default Initialization of Resource vulnerability in Netapp products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

netapp

CWE-1188

NVD

Published: 2020-02-26

Updated: 2020-08-24

Summary

NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.

Vulnerable Configurations

Part	Description	Count
OS	Netapp Netapp Fabric Attached Storage 8700 Firmware - Netapp Fabric Attached Storage 8700 Firmware 13.1 Netapp Fabric Attached Storage 8300 Firmware - Netapp Fabric Attached Storage 8300 Firmware 13.1 Netapp ALL Flash Fabric Attached Storage A400 Firmware - Netapp ALL Flash Fabric Attached Storage A400 Firmware 13.1	6
Hardware	Netapp Netapp Fabric Attached Storage 8700 - Netapp Fabric Attached Storage 8300 - Netapp ALL Flash Fabric Attached Storage A400 -	3

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://security.netapp.com/advisory/ntap-20200226-0001/