CVE-2019-5490

Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.

Published : 2019-03-21 19:29 Updated : 2019-04-18 19:29

10.0
CVSS Score More info
Score 10.0 / 10
10.0
Vendor Product Version URI
Netapp Service Processor 2.2.5 cpe:/a:netapp:service_processor:2.2.5:-
Netapp Service Processor 2.3.2 cpe:/a:netapp:service_processor:2.3.2:-
Netapp Service Processor 2.3.2 cpe:/a:netapp:service_processor:2.3.2:patch1
Netapp Service Processor 2.3.2 cpe:/a:netapp:service_processor:2.3.2:patch2
Netapp Service Processor 2.3.2 cpe:/a:netapp:service_processor:2.3.2:patch3
Netapp Service Processor 2.4 cpe:/a:netapp:service_processor:2.4:-
Netapp Service Processor 2.4.1 cpe:/a:netapp:service_processor:2.4.1:-
Netapp Service Processor 2.4.1 cpe:/a:netapp:service_processor:2.4.1:patch1
Netapp Service Processor 2.5 cpe:/a:netapp:service_processor:2.5:-
Netapp Service Processor 2.8 cpe:/a:netapp:service_processor:2.8:-
Netapp Service Processor 3.0.4 cpe:/a:netapp:service_processor:3.0.4:-
Netapp Service Processor 3.1.2 cpe:/a:netapp:service_processor:3.1.2:-
Netapp Service Processor 3.1.2 cpe:/a:netapp:service_processor:3.1.2:patch1
Netapp Service Processor 3.1.2 cpe:/a:netapp:service_processor:3.1.2:patch2
Netapp Service Processor 3.2 cpe:/a:netapp:service_processor:3.2:-
Netapp Service Processor 3.3 cpe:/a:netapp:service_processor:3.3:-
Netapp Service Processor 3.3 cpe:/a:netapp:service_processor:3.3:patch1
Netapp Service Processor 3.3 cpe:/a:netapp:service_processor:3.3:patch2
Netapp Service Processor 3.3 cpe:/a:netapp:service_processor:3.3:patch3
Netapp Service Processor 3.3 cpe:/a:netapp:service_processor:3.3:patch4
Netapp Service Processor 3.4 cpe:/a:netapp:service_processor:3.4:-
Netapp Service Processor 3.4 cpe:/a:netapp:service_processor:3.4:patch1
Netapp Service Processor 3.4 cpe:/a:netapp:service_processor:3.4:patch2
Netapp Service Processor 3.7 cpe:/a:netapp:service_processor:3.7:-
Netapp Service Processor 4.1 cpe:/a:netapp:service_processor:4.1:-
Netapp Service Processor 4.1 cpe:/a:netapp:service_processor:4.1:patch1
Netapp Service Processor 4.1 cpe:/a:netapp:service_processor:4.1:patch2
Netapp Service Processor 4.1 cpe:/a:netapp:service_processor:4.1:patch3
Netapp Service Processor 4.1 cpe:/a:netapp:service_processor:4.1:patch4
Netapp Service Processor 4.1 cpe:/a:netapp:service_processor:4.1:patch5
Netapp Service Processor 4.1 cpe:/a:netapp:service_processor:4.1:patch6
Netapp Service Processor 4.2 cpe:/a:netapp:service_processor:4.2:-
Netapp Service Processor 4.2 cpe:/a:netapp:service_processor:4.2:patch1
Netapp Service Processor 4.2 cpe:/a:netapp:service_processor:4.2:patch2
Netapp Service Processor 4.5 cpe:/a:netapp:service_processor:4.5:-
Netapp Service Processor 5.1 cpe:/a:netapp:service_processor:5.1:-
Netapp Service Processor 5.1 cpe:/a:netapp:service_processor:5.1:patch1
Netapp Service Processor 5.1 cpe:/a:netapp:service_processor:5.1:patch2
Netapp Service Processor 5.1 cpe:/a:netapp:service_processor:5.1:patch3
Netapp Service Processor 5.2 cpe:/a:netapp:service_processor:5.2:-
Netapp Service Processor 5.2 cpe:/a:netapp:service_processor:5.2:patch1
Netapp Service Processor 5.5 cpe:/a:netapp:service_processor:5.5:-
  1. Netapp (1) Search CVE
    1. Service Processor (18) Search CVE
      1. 2.2.5
      2. 2.3.2
      3. 2.4
      4. 2.4.1
      5. 2.5
      6. 2.8
      7. 3.0.4
      8. 3.1.2
      9. 3.2
      10. 3.3
      11. 3.4
      12. 3.7
      13. 4.1
      14. 4.2
      15. 4.5
      16. 5.1
      17. 5.2
      18. 5.5

CWE

ID Name Description Links
CWE-264 Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. CVE

History of changes

Date Event
2019-04-18 19:29
2019-04-08 17:01
2019-03-21 19:29

New CVE