Vulnerability Description
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NetApp | Clustered Data ONTAP | < 8.3 |
Related Weaknesses (CWE)
References
- https://security.netapp.com/advisory/ntap-20150324-0001/ (Vendor Advisory)
FAQ
What is CVE-2018-5490?
CVE-2018-5490 is a vulnerability with a CVSS score of 8.8 (HIGH). Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 ...
How severe is CVE-2018-5490?
CVE-2018-5490 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5490?
Check the references section above for vendor advisories and patch information. Affected products include: NetApp Clustered Data ONTAP.