Vulnerabilities > CVE-2019-5497 - Insecure Default Initialization of Resource vulnerability in Netapp AFF A700S Firmware and Clustered Data Ontap

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

netapp

CWE-1188

critical

NVD

Published: 2019-07-01

Updated: 2020-08-24

Summary

NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.

Vulnerable Configurations

Part	Description	Count
OS	Netapp Netapp AFF A700S Firmware 1.22 Netapp Clustered Data Ontap -	2
Hardware	Netapp Netapp AFF A700S -	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://security.netapp.com/advisory/ntap-20190627-0001/