CVE-2020-8573 — MEDIUM (6.5)

Vulnerability Description

The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value which could allow remote attackers to cause a Denial of Service (DoS).

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netapp	Hci H610S Firmware	-
Netapp	Hci H610S	-

Related Weaknesses (CWE)

CWE-798

References

https://security.netapp.com/advisory/ntap-20200626-0001/Vendor Advisory
https://security.netapp.com/advisory/ntap-20200626-0001/Vendor Advisory

FAQ

What is CVE-2020-8573?

CVE-2020-8573 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upg...

How severe is CVE-2020-8573?

CVE-2020-8573 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8573?

Check the references section above for vendor advisories and patch information. Affected products include: Netapp Hci H610S Firmware, Netapp Hci H610S.