Vulnerability Description
Certain versions between 2.x and 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NetApp | Service Processor | 2.8 |
| NetApp | Clustered Data ONTAP | 9.5 |
Related Weaknesses (CWE)
References
- http://support.lenovo.com/us/en/solutions/LEN-26771
- https://security.netapp.com/advisory/ntap-20190305-0001/ (Vendor Advisory)
FAQ
What is CVE-2019-5490?
CVE-2019-5490 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Certain versions between 2.x and 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. ...
How severe is CVE-2019-5490?
CVE-2019-5490 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-5490?
Check the references section above for vendor advisories and patch information. Affected products include: NetApp Service Processor, NetApp Clustered Data ONTAP.