{"containers": {"cna": {"affected": [{"product": "NetApp Service Processor", "vendor": "NetApp, Inc.", "versions": [{"status": "affected", "version": "2.x-5.x - refer to advisory"}]}], "datePublic": "2019-03-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY."}], "problemTypes": [{"descriptions": [{"description": "Default Configureation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-18T18:06:09.000Z", "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190305-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.lenovo.com/us/en/solutions/LEN-26771"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@netapp.com", "ID": "CVE-2019-5490", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NetApp Service Processor", "version": {"version_data": [{"version_value": "2.x-5.x - refer to advisory"}]}}]}, "vendor_name": "NetApp, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Default Configureation"}]}]}, "references": {"reference_data": [{"name": "https://security.netapp.com/advisory/ntap-20190305-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190305-0001/"}, {"name": "http://support.lenovo.com/us/en/solutions/LEN-26771", "refsource": "CONFIRM", "url": "http://support.lenovo.com/us/en/solutions/LEN-26771"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:54:53.575Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190305-0001/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.lenovo.com/us/en/solutions/LEN-26771"}]}]}, "cveMetadata": {"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "assignerShortName": "netapp", "cveId": "CVE-2019-5490", "datePublished": "2019-03-21T18:25:53.000Z", "dateReserved": "2019-01-07T00:00:00.000Z", "dateUpdated": "2024-08-04T19:54:53.575Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*", "matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*", "matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*", "matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "392B4E85-99B9-48A7-B139-F59E32879A8A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*", "matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*", "matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*", "matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "14E39741-0427-40B6-9A43-B2A20AD24650", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:service_processor:2.8:-:*:*:*:*:*:*", "matchCriteriaId": "719C418A-B9BC-4BD5-AC8F-EE82F605A30C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.7:-:*:*:*:*:*:*", "matchCriteriaId": "39F51F1A-3E63-46E1-ADF3-8192221D87B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.5:-:*:*:*:*:*:*", "matchCriteriaId": "6C902785-AC3D-4221-A4CC-B3FA62856373", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "93D5D337-89D5-49E7-B24E-13770B545B83", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "117DCE70-6D53-4CA4-8DFA-987725A5E879", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:service_processor:2.5:-:*:*:*:*:*:*", "matchCriteriaId": "E6D12CA3-0868-4115-87B1-B4115C94DEBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.4:-:*:*:*:*:*:*", "matchCriteriaId": "E9FE6E2C-C949-4BA1-81A0-DC0F7F734EE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.4:patch1:*:*:*:*:*:*", "matchCriteriaId": "5E5A1717-018F-4216-9368-566DFCA12E57", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.4:patch2:*:*:*:*:*:*", "matchCriteriaId": "8A673025-321B-4376-9426-EFC5E8C1E571", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.2:-:*:*:*:*:*:*", "matchCriteriaId": "B3B387C2-8E99-4ECF-8C13-C299BD06CD2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.2:patch1:*:*:*:*:*:*", "matchCriteriaId": "98EDF5B4-E436-4B30-85E8-4B409EB2126E", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.2:patch2:*:*:*:*:*:*", "matchCriteriaId": "31150CC3-3FE9-4D09-B202-D3368946000B", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:5.2:-:*:*:*:*:*:*", "matchCriteriaId": "9732D6A0-E987-470B-B780-9AB96C3C4973", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:5.2:patch1:*:*:*:*:*:*", "matchCriteriaId": "BA0AA984-AAD9-4E73-B02E-A0F887336B09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD89FB43-C397-43F4-B157-A8B1B6F9962C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:service_processor:2.4.1:-:*:*:*:*:*:*", "matchCriteriaId": "8B21CBF7-E2EF-47F1-AB6B-87D78E285C03", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:2.4.1:patch1:*:*:*:*:*:*", "matchCriteriaId": "8FAA95A7-8A43-48AC-A0E9-DB4A8E9A6C40", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.3:-:*:*:*:*:*:*", "matchCriteriaId": "7F943157-7946-45B2-B904-6C4587D11A44", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch1:*:*:*:*:*:*", "matchCriteriaId": "CF9D0EAD-18CC-4D4B-9322-93A63ED4C017", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch2:*:*:*:*:*:*", "matchCriteriaId": "05144BF3-1F80-4C82-9246-B6F7648F6C52", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch3:*:*:*:*:*:*", "matchCriteriaId": "8989CA8B-6F81-4EBA-BEC7-1D5E5914F3BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.3:patch4:*:*:*:*:*:*", "matchCriteriaId": "3ACBD45A-47A7-4EA1-972F-DAF4B7710F39", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.1:-:*:*:*:*:*:*", "matchCriteriaId": "49193A78-75D1-4F04-A3F3-5ED57ADD65B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch1:*:*:*:*:*:*", "matchCriteriaId": "73E31337-8214-4886-8FBD-036966B5F929", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch2:*:*:*:*:*:*", "matchCriteriaId": "0D66219B-9192-49E7-86BB-7DD0F908DB1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch3:*:*:*:*:*:*", "matchCriteriaId": "B995E407-5C75-4668-9B6B-829E3E4238B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch4:*:*:*:*:*:*", "matchCriteriaId": "46EDDB30-94D7-4113-A5E4-5A3FF982D064", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch5:*:*:*:*:*:*", "matchCriteriaId": "572B4890-DD1D-491C-82BB-762379FF7BDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:4.1:patch6:*:*:*:*:*:*", "matchCriteriaId": "B7646CED-E3BD-4CCB-B39F-0574E8103C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:5.1:-:*:*:*:*:*:*", "matchCriteriaId": "44F7E17E-29FA-4366-A1B4-F357B07035A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch1:*:*:*:*:*:*", "matchCriteriaId": "24EB22C5-EDC1-443A-9E2E-7CB2A05FB304", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch2:*:*:*:*:*:*", "matchCriteriaId": "8405B058-6A9E-41C1-9544-5540190B5E80", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:5.1:patch3:*:*:*:*:*:*", "matchCriteriaId": "9BB0C569-25AB-4DDE-AB10-98D2C494DCFE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "092BACC2-3518-4AEC-B07C-26A7765A7934", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:service_processor:2.4:-:*:*:*:*:*:*", "matchCriteriaId": "A080A22D-162B-4E53-970C-7EEA96F61CC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.2:-:*:*:*:*:*:*", "matchCriteriaId": "4DA70C10-F101-41B0-83D6-42ADDE7A9CE6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3ED302E-F464-40DE-A976-FD518E42D95D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:-:*:*:*:*:*:*", "matchCriteriaId": "68C45B4C-3FA2-4597-AF4F-67B22FC0107A", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch1:*:*:*:*:*:*", "matchCriteriaId": "F5534859-5691-4042-8B3F-13FFE15C838C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch2:*:*:*:*:*:*", "matchCriteriaId": "A490D45E-576E-488A-A82D-23165E6C174E", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:2.3.2:patch3:*:*:*:*:*:*", "matchCriteriaId": "12E3E966-7A03-4381-802F-C839C0365D4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "41D5AFD4-2AF8-42A9-A95D-E5EEF8889D67", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:patch1:*:*:*:*:*:*", "matchCriteriaId": "A9C3042F-A4E6-4F5E-AE7F-4AF5880CBF92", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.1.2:patch2:*:*:*:*:*:*", "matchCriteriaId": "1DB3F9A9-E468-457C-AAAF-579069E23500", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "1D440961-4908-444B-987F-5D8A3980C89A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:service_processor:2.2.5:-:*:*:*:*:*:*", "matchCriteriaId": "4E6C7A09-071C-4397-AA71-70CF0C22EE6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:3.0.4:-:*:*:*:*:*:*", "matchCriteriaId": "033C63E3-58CA-45A1-B279-DD17D52DBFCE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "BF8722E3-564A-47CB-95B6-AFA591384504", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY."}, {"lang": "es", "value": "Ciertas versiones entre la 2.x y la 5.x (v\u00e9ase el advisory) del firmware de NetApp Service Processor se distribu\u00edan con una cuenta por defecto habilitada que podr\u00eda permitir la ejecuci\u00f3n no autorizada de comandos arbitrarios. Cualquier plataforma listada en la secci\u00f3n \"impact\" del advisory podr\u00eda haberse visto afectada y debe actualizarse a una versi\u00f3n solucionada del firmware de Service Processor INMEDIATAMENTE."}], "id": "CVE-2019-5490", "lastModified": "2024-11-21T04:45:02.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-21T19:29:00.580", "references": [{"source": "security-alert@netapp.com", "url": "http://support.lenovo.com/us/en/solutions/LEN-26771"}, {"source": "security-alert@netapp.com", "tags": ["Vendor Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190305-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.lenovo.com/us/en/solutions/LEN-26771"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190305-0001/"}], "sourceIdentifier": "security-alert@netapp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}