Vulnerabilities > CVE-2019-5490 - Insecure Default Initialization of Resource vulnerability in Netapp Service Processor

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

netapp

CWE-1188

critical

NVD

Published: 2019-03-21

Updated: 2020-08-24

Summary

Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.

Vulnerable Configurations

Part	Description	Count
Application	Netapp Netapp Service Processor 2.8 Netapp Service Processor 3.7 Netapp Service Processor 4.5 Netapp Service Processor 5.5 Netapp Service Processor 2.5 Netapp Service Processor 3.4 Netapp Service Processor 4.2 Netapp Service Processor 5.2 Netapp Service Processor 2.4.1 Netapp Service Processor 3.3 Netapp Service Processor 4.1 Netapp Service Processor 5.1 Netapp Service Processor 2.4 Netapp Service Processor 3.2 Netapp Service Processor 2.3.2 Netapp Service Processor 3.1.2 Netapp Service Processor 2.2.5 Netapp Service Processor 3.0.4	42
OS	Netapp Netapp Clustered Data Ontap 9.5 Netapp Clustered Data Ontap 9.4 Netapp Clustered Data Ontap 9.3 Netapp Clustered Data Ontap 9.2 Netapp Clustered Data Ontap 9.1 Netapp Clustered Data Ontap 9.0 Netapp Clustered Data Ontap 8.3 Netapp Clustered Data Ontap 8.2	8

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References