10

CVE-2019-5490

EPSS 1.1%
Veröffentlicht 21.03.2019 19:29:00
Zuletzt bearbeitet 21.11.2024 04:45:02
Quelle security-alert@netapp.com
Teams Watchlist Login
Unerledigt Login

Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netapp ≫ Service Processor Version2.8 Update-

Netapp ≫ Clustered Data Ontap Version9.5

Netapp ≫ Service Processor Version3.7 Update-

Netapp ≫ Clustered Data Ontap Version9.5

Netapp ≫ Service Processor Version4.5 Update-

Netapp ≫ Clustered Data Ontap Version9.5

Netapp ≫ Service Processor Version5.5 Update-

Netapp ≫ Clustered Data Ontap Version9.5

Netapp ≫ Service Processor Version2.8 Update-

Netapp ≫ Clustered Data Ontap Version9.4

Netapp ≫ Service Processor Version3.7 Update-

Netapp ≫ Clustered Data Ontap Version9.4

Netapp ≫ Service Processor Version4.5 Update-

Netapp ≫ Clustered Data Ontap Version9.4

Netapp ≫ Service Processor Version5.5 Update-

Netapp ≫ Clustered Data Ontap Version9.4

Netapp ≫ Service Processor Version2.8 Update-

Netapp ≫ Clustered Data Ontap Version9.3

Netapp ≫ Service Processor Version3.7 Update-

Netapp ≫ Clustered Data Ontap Version9.3

Netapp ≫ Service Processor Version4.5 Update-

Netapp ≫ Clustered Data Ontap Version9.3

Netapp ≫ Service Processor Version5.5 Update-

Netapp ≫ Clustered Data Ontap Version9.3

Netapp ≫ Service Processor Version2.5 Update-

Netapp ≫ Clustered Data Ontap Version9.2

Netapp ≫ Service Processor Version3.4 Update-

Netapp ≫ Clustered Data Ontap Version9.2

Netapp ≫ Service Processor Version3.4 Updatepatch1

Netapp ≫ Clustered Data Ontap Version9.2

Netapp ≫ Service Processor Version3.4 Updatepatch2

Netapp ≫ Clustered Data Ontap Version9.2

Netapp ≫ Service Processor Version4.2 Update-

Netapp ≫ Clustered Data Ontap Version9.2

Netapp ≫ Service Processor Version4.2 Updatepatch1

Netapp ≫ Clustered Data Ontap Version9.2

Netapp ≫ Service Processor Version4.2 Updatepatch2

Netapp ≫ Clustered Data Ontap Version9.2

Netapp ≫ Service Processor Version5.2 Update-

Netapp ≫ Clustered Data Ontap Version9.2

Netapp ≫ Service Processor Version5.2 Updatepatch1

Netapp ≫ Clustered Data Ontap Version9.2

Netapp ≫ Service Processor Version2.4.1 Update-

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version2.4.1 Updatepatch1

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version3.3 Update-

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version3.3 Updatepatch1

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version3.3 Updatepatch2

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version3.3 Updatepatch3

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version3.3 Updatepatch4

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version4.1 Update-

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version4.1 Updatepatch1

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version4.1 Updatepatch2

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version4.1 Updatepatch3

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version4.1 Updatepatch4

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version4.1 Updatepatch5

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version4.1 Updatepatch6

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version5.1 Update-

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version5.1 Updatepatch1

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version5.1 Updatepatch2

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version5.1 Updatepatch3

Netapp ≫ Clustered Data Ontap Version9.1

Netapp ≫ Service Processor Version2.4 Update-

Netapp ≫ Clustered Data Ontap Version9.0

Netapp ≫ Service Processor Version3.2 Update-

Netapp ≫ Clustered Data Ontap Version9.0

Netapp ≫ Service Processor Version2.3.2 Update-

Netapp ≫ Clustered Data Ontap Version8.3

Netapp ≫ Service Processor Version2.3.2 Updatepatch1

Netapp ≫ Clustered Data Ontap Version8.3

Netapp ≫ Service Processor Version2.3.2 Updatepatch2

Netapp ≫ Clustered Data Ontap Version8.3

Netapp ≫ Service Processor Version2.3.2 Updatepatch3

Netapp ≫ Clustered Data Ontap Version8.3

Netapp ≫ Service Processor Version3.1.2 Update-

Netapp ≫ Clustered Data Ontap Version8.3

Netapp ≫ Service Processor Version3.1.2 Updatepatch1

Netapp ≫ Clustered Data Ontap Version8.3

Netapp ≫ Service Processor Version3.1.2 Updatepatch2

Netapp ≫ Clustered Data Ontap Version8.3

Netapp ≫ Service Processor Version2.2.5 Update-

Netapp ≫ Clustered Data Ontap Version8.2

Netapp ≫ Service Processor Version3.0.4 Update-

Netapp ≫ Clustered Data Ontap Version8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.1%	0.761

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

http://support.lenovo.com/us/en/solutions/LEN-26771

https://security.netapp.com/advisory/ntap-20190305-0001/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-5490

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5490

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5490

EUVD