CVE-2019-5490
Published Mar 21, 2019
Last updated 4 years ago
Overview
- Description
- Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
- Source
- security-alert@netapp.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-1188
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.5:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "392B4E85-99B9-48A7-B139-F59E32879A8A"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.4:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "14E39741-0427-40B6-9A43-B2A20AD24650"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.3:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "117DCE70-6D53-4CA4-8DFA-987725A5E879"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6D12CA3-0868-4115-87B1-B4115C94DEBF"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.4:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9FE6E2C-C949-4BA1-81A0-DC0F7F734EE3"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.4:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E5A1717-018F-4216-9368-566DFCA12E57"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.4:patch2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A673025-321B-4376-9426-EFC5E8C1E571"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.2:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3B387C2-8E99-4ECF-8C13-C299BD06CD2D"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.2:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98EDF5B4-E436-4B30-85E8-4B409EB2126E"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.2:patch2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31150CC3-3FE9-4D09-B202-D3368946000B"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.2:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9732D6A0-E987-470B-B780-9AB96C3C4973"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.2:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA0AA984-AAD9-4E73-B02E-A0F887336B09"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.2:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BD89FB43-C397-43F4-B157-A8B1B6F9962C"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.4.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B21CBF7-E2EF-47F1-AB6B-87D78E285C03"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.4.1:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FAA95A7-8A43-48AC-A0E9-DB4A8E9A6C40"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.3:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F943157-7946-45B2-B904-6C4587D11A44"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF9D0EAD-18CC-4D4B-9322-93A63ED4C017"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05144BF3-1F80-4C82-9246-B6F7648F6C52"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8989CA8B-6F81-4EBA-BEC7-1D5E5914F3BA"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ACBD45A-47A7-4EA1-972F-DAF4B7710F39"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49193A78-75D1-4F04-A3F3-5ED57ADD65B7"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73E31337-8214-4886-8FBD-036966B5F929"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D66219B-9192-49E7-86BB-7DD0F908DB1A"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B995E407-5C75-4668-9B6B-829E3E4238B5"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46EDDB30-94D7-4113-A5E4-5A3FF982D064"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "572B4890-DD1D-491C-82BB-762379FF7BDB"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7646CED-E3BD-4CCB-B39F-0574E8103C9F"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44F7E17E-29FA-4366-A1B4-F357B07035A1"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24EB22C5-EDC1-443A-9E2E-7CB2A05FB304"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8405B058-6A9E-41C1-9544-5540190B5E80"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BB0C569-25AB-4DDE-AB10-98D2C494DCFE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.1:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "092BACC2-3518-4AEC-B07C-26A7765A7934"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.4:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A080A22D-162B-4E53-970C-7EEA96F61CC9"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.2:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DA70C10-F101-41B0-83D6-42ADDE7A9CE6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C3ED302E-F464-40DE-A976-FD518E42D95D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68C45B4C-3FA2-4597-AF4F-67B22FC0107A"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5534859-5691-4042-8B3F-13FFE15C838C"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A490D45E-576E-488A-A82D-23165E6C174E"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12E3E966-7A03-4381-802F-C839C0365D4D"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41D5AFD4-2AF8-42A9-A95D-E5EEF8889D67"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9C3042F-A4E6-4F5E-AE7F-4AF5880CBF92"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:patch2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DB3F9A9-E468-457C-AAAF-579069E23500"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:8.3:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1D440961-4908-444B-987F-5D8A3980C89A"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:service_processor:2.2.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E6C7A09-071C-4397-AA71-70CF0C22EE6D"
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:3.0.4:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "033C63E3-58CA-45A1-B279-DD17D52DBFCE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:8.2:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BF8722E3-564A-47CB-95B6-AFA591384504"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]