CVE-2020-8573
CVE-2020-8573 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92, the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value, which could allow remote attackers to cause a Denial of Service (DoS). EPSS estimates a 1.28% chance of exploitation in the next 30 days.
Description
The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92, the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value, which could allow remote attackers to cause a Denial of Service (DoS).
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| NetApp | HCI H610S Firmware | All versions |
References
- https://security.netapp.com/advisory/ntap-20200626-0001/ (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
