CVE-2019-5490
Last modified
CVE-2019-5490 is a vulnerability of currently unknown severity. Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.. EPSS estimates a 3.49% chance of exploitation in the next 30 days.
Description
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netapp | Service Processor | 2.8 |
| Netapp | Service Processor | 3.7 |
| Netapp | Service Processor | 4.5 |
| Netapp | Service Processor | 5.5 |
| Netapp | Service Processor | 2.5 |
| Netapp | Service Processor | 3.4 |
| Netapp | Service Processor | 4.2 |
| Netapp | Service Processor | 5.2 |
| Netapp | Service Processor | 2.4.1 |
| Netapp | Service Processor | 3.3 |
| Netapp | Service Processor | 4.1 |
| Netapp | Service Processor | 5.1 |
| Netapp | Service Processor | 2.4 |
| Netapp | Service Processor | 3.2 |
| Netapp | Service Processor | 2.3.2 |
| Netapp | Service Processor | 3.1.2 |
| Netapp | Service Processor | 2.2.5 |
| Netapp | Service Processor | 3.0.4 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-5490?
How severe is CVE-2019-5490?
How do I fix CVE-2019-5490?
Are you affected by CVE-2019-5490?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST