{ "id": "CVE-2019-5490", "sourceIdentifier": "security-alert@netapp.com", "published": "2019-03-21T19:29:00.580", "lastModified": "2020-08-24T17:37:01.140", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY." }, { "lang": "es", "value": "Ciertas versiones entre la 2.x y la 5.x (v\u00e9ase el advisory) del firmware de NetApp Service Processor se distribu\u00edan con una cuenta por defecto habilitada que podr\u00eda permitir la ejecuci\u00f3n no autorizada de comandos arbitrarios. Cualquier plataforma listada en la secci\u00f3n \"impact\" del advisory podr\u00eda haberse visto afectada y debe actualizarse a una versi\u00f3n solucionada del firmware de Service Processor INMEDIATAMENTE." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-1188" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*", "matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*", "matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*", "matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "392B4E85-99B9-48A7-B139-F59E32879A8A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*", "matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*", "matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*", "matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "14E39741-0427-40B6-9A43-B2A20AD24650" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*", "matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*", "matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*", "matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "117DCE70-6D53-4CA4-8DFA-987725A5E879" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.5:-:*:*:*:*:*:*", "matchCriteriaId": "E6D12CA3-0868-4115-87B1-B4115C94DEBF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.4:-:*:*:*:*:*:*", "matchCriteriaId": "E9FE6E2C-C949-4BA1-81A0-DC0F7F734EE3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.4:patch1:*:*:*:*:*:*", "matchCriteriaId": "5E5A1717-018F-4216-9368-566DFCA12E57" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.4:patch2:*:*:*:*:*:*", "matchCriteriaId": "8A673025-321B-4376-9426-EFC5E8C1E571" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.2:-:*:*:*:*:*:*", "matchCriteriaId": "B3B387C2-8E99-4ECF-8C13-C299BD06CD2D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.2:patch1:*:*:*:*:*:*", "matchCriteriaId": "98EDF5B4-E436-4B30-85E8-4B409EB2126E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.2:patch2:*:*:*:*:*:*", "matchCriteriaId": "31150CC3-3FE9-4D09-B202-D3368946000B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:5.2:-:*:*:*:*:*:*", "matchCriteriaId": "9732D6A0-E987-470B-B780-9AB96C3C4973" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:5.2:patch1:*:*:*:*:*:*", "matchCriteriaId": "BA0AA984-AAD9-4E73-B02E-A0F887336B09" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD89FB43-C397-43F4-B157-A8B1B6F9962C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.4.1:-:*:*:*:*:*:*", "matchCriteriaId": "8B21CBF7-E2EF-47F1-AB6B-87D78E285C03" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.4.1:patch1:*:*:*:*:*:*", "matchCriteriaId": "8FAA95A7-8A43-48AC-A0E9-DB4A8E9A6C40" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.3:-:*:*:*:*:*:*", "matchCriteriaId": "7F943157-7946-45B2-B904-6C4587D11A44" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch1:*:*:*:*:*:*", "matchCriteriaId": "CF9D0EAD-18CC-4D4B-9322-93A63ED4C017" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch2:*:*:*:*:*:*", "matchCriteriaId": "05144BF3-1F80-4C82-9246-B6F7648F6C52" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch3:*:*:*:*:*:*", "matchCriteriaId": "8989CA8B-6F81-4EBA-BEC7-1D5E5914F3BA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch4:*:*:*:*:*:*", "matchCriteriaId": "3ACBD45A-47A7-4EA1-972F-DAF4B7710F39" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.1:-:*:*:*:*:*:*", "matchCriteriaId": "49193A78-75D1-4F04-A3F3-5ED57ADD65B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch1:*:*:*:*:*:*", "matchCriteriaId": "73E31337-8214-4886-8FBD-036966B5F929" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch2:*:*:*:*:*:*", "matchCriteriaId": "0D66219B-9192-49E7-86BB-7DD0F908DB1A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch3:*:*:*:*:*:*", "matchCriteriaId": "B995E407-5C75-4668-9B6B-829E3E4238B5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch4:*:*:*:*:*:*", "matchCriteriaId": "46EDDB30-94D7-4113-A5E4-5A3FF982D064" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch5:*:*:*:*:*:*", "matchCriteriaId": "572B4890-DD1D-491C-82BB-762379FF7BDB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch6:*:*:*:*:*:*", "matchCriteriaId": "B7646CED-E3BD-4CCB-B39F-0574E8103C9F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:5.1:-:*:*:*:*:*:*", "matchCriteriaId": "44F7E17E-29FA-4366-A1B4-F357B07035A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch1:*:*:*:*:*:*", "matchCriteriaId": "24EB22C5-EDC1-443A-9E2E-7CB2A05FB304" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch2:*:*:*:*:*:*", "matchCriteriaId": "8405B058-6A9E-41C1-9544-5540190B5E80" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch3:*:*:*:*:*:*", "matchCriteriaId": "9BB0C569-25AB-4DDE-AB10-98D2C494DCFE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "092BACC2-3518-4AEC-B07C-26A7765A7934" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.4:-:*:*:*:*:*:*", "matchCriteriaId": "A080A22D-162B-4E53-970C-7EEA96F61CC9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.2:-:*:*:*:*:*:*", "matchCriteriaId": "4DA70C10-F101-41B0-83D6-42ADDE7A9CE6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3ED302E-F464-40DE-A976-FD518E42D95D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:-:*:*:*:*:*:*", "matchCriteriaId": "68C45B4C-3FA2-4597-AF4F-67B22FC0107A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch1:*:*:*:*:*:*", "matchCriteriaId": "F5534859-5691-4042-8B3F-13FFE15C838C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch2:*:*:*:*:*:*", "matchCriteriaId": "A490D45E-576E-488A-A82D-23165E6C174E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch3:*:*:*:*:*:*", "matchCriteriaId": "12E3E966-7A03-4381-802F-C839C0365D4D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "41D5AFD4-2AF8-42A9-A95D-E5EEF8889D67" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:patch1:*:*:*:*:*:*", "matchCriteriaId": "A9C3042F-A4E6-4F5E-AE7F-4AF5880CBF92" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:patch2:*:*:*:*:*:*", "matchCriteriaId": "1DB3F9A9-E468-457C-AAAF-579069E23500" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "1D440961-4908-444B-987F-5D8A3980C89A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:2.2.5:-:*:*:*:*:*:*", "matchCriteriaId": "4E6C7A09-071C-4397-AA71-70CF0C22EE6D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:service_processor:3.0.4:-:*:*:*:*:*:*", "matchCriteriaId": "033C63E3-58CA-45A1-B279-DD17D52DBFCE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "BF8722E3-564A-47CB-95B6-AFA591384504" } ] } ] } ], "references": [ { "url": "http://support.lenovo.com/us/en/solutions/LEN-26771", "source": "security-alert@netapp.com" }, { "url": "https://security.netapp.com/advisory/ntap-20190305-0001/", "source": "security-alert@netapp.com", "tags": [ "Vendor Advisory" ] } ] }