First published: Thu Mar 21 2019(Updated: )
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
Credit: security-alert@netapp.com security-alert@netapp.com
Affected Software | Affected Version | How to fix |
---|---|---|
NetApp Service Processor | =2.8 | |
NetApp Service Processor | =3.7 | |
NetApp Service Processor | =4.5 | |
NetApp Service Processor | =5.5 | |
NetApp Clustered Data ONTAP | =9.5 | |
NetApp Clustered Data ONTAP | =9.4 | |
NetApp Clustered Data ONTAP | =9.3 | |
NetApp Service Processor | =2.5 | |
NetApp Service Processor | =3.4 | |
NetApp Service Processor | =3.4-patch1 | |
NetApp Service Processor | =3.4-patch2 | |
NetApp Service Processor | =4.2 | |
NetApp Service Processor | =4.2-patch1 | |
NetApp Service Processor | =4.2-patch2 | |
NetApp Service Processor | =5.2 | |
NetApp Service Processor | =5.2-patch1 | |
NetApp Clustered Data ONTAP | =9.2 | |
NetApp Service Processor | =2.4.1 | |
NetApp Service Processor | =2.4.1-patch1 | |
NetApp Service Processor | =3.3 | |
NetApp Service Processor | =3.3-patch1 | |
NetApp Service Processor | =3.3-patch2 | |
NetApp Service Processor | =3.3-patch3 | |
NetApp Service Processor | =3.3-patch4 | |
NetApp Service Processor | =4.1 | |
NetApp Service Processor | =4.1-patch1 | |
NetApp Service Processor | =4.1-patch2 | |
NetApp Service Processor | =4.1-patch3 | |
NetApp Service Processor | =4.1-patch4 | |
NetApp Service Processor | =4.1-patch5 | |
NetApp Service Processor | =4.1-patch6 | |
NetApp Service Processor | =5.1 | |
NetApp Service Processor | =5.1-patch1 | |
NetApp Service Processor | =5.1-patch2 | |
NetApp Service Processor | =5.1-patch3 | |
NetApp Clustered Data ONTAP | =9.1 | |
NetApp Service Processor | =2.4 | |
NetApp Service Processor | =3.2 | |
NetApp Clustered Data ONTAP | =9.0 | |
NetApp Service Processor | =2.3.2 | |
NetApp Service Processor | =2.3.2-patch1 | |
NetApp Service Processor | =2.3.2-patch2 | |
NetApp Service Processor | =2.3.2-patch3 | |
NetApp Service Processor | =3.1.2 | |
NetApp Service Processor | =3.1.2-patch1 | |
NetApp Service Processor | =3.1.2-patch2 | |
NetApp Clustered Data ONTAP | =8.3 | |
NetApp Service Processor | =2.2.5 | |
NetApp Service Processor | =3.0.4 | |
NetApp Clustered Data ONTAP | =8.2 | |
All of | ||
Any of | ||
NetApp Service Processor | =2.8 | |
NetApp Service Processor | =3.7 | |
NetApp Service Processor | =4.5 | |
NetApp Service Processor | =5.5 | |
NetApp Clustered Data ONTAP | =9.5 | |
All of | ||
Any of | ||
NetApp Service Processor | =2.8 | |
NetApp Service Processor | =3.7 | |
NetApp Service Processor | =4.5 | |
NetApp Service Processor | =5.5 | |
NetApp Clustered Data ONTAP | =9.4 | |
All of | ||
Any of | ||
NetApp Service Processor | =2.8 | |
NetApp Service Processor | =3.7 | |
NetApp Service Processor | =4.5 | |
NetApp Service Processor | =5.5 | |
NetApp Clustered Data ONTAP | =9.3 | |
All of | ||
Any of | ||
NetApp Service Processor | =2.5 | |
NetApp Service Processor | =3.4 | |
NetApp Service Processor | =3.4-patch1 | |
NetApp Service Processor | =3.4-patch2 | |
NetApp Service Processor | =4.2 | |
NetApp Service Processor | =4.2-patch1 | |
NetApp Service Processor | =4.2-patch2 | |
NetApp Service Processor | =5.2 | |
NetApp Service Processor | =5.2-patch1 | |
NetApp Clustered Data ONTAP | =9.2 | |
All of | ||
Any of | ||
NetApp Service Processor | =2.4.1 | |
NetApp Service Processor | =2.4.1-patch1 | |
NetApp Service Processor | =3.3 | |
NetApp Service Processor | =3.3-patch1 | |
NetApp Service Processor | =3.3-patch2 | |
NetApp Service Processor | =3.3-patch3 | |
NetApp Service Processor | =3.3-patch4 | |
NetApp Service Processor | =4.1 | |
NetApp Service Processor | =4.1-patch1 | |
NetApp Service Processor | =4.1-patch2 | |
NetApp Service Processor | =4.1-patch3 | |
NetApp Service Processor | =4.1-patch4 | |
NetApp Service Processor | =4.1-patch5 | |
NetApp Service Processor | =4.1-patch6 | |
NetApp Service Processor | =5.1 | |
NetApp Service Processor | =5.1-patch1 | |
NetApp Service Processor | =5.1-patch2 | |
NetApp Service Processor | =5.1-patch3 | |
NetApp Clustered Data ONTAP | =9.1 | |
All of | ||
Any of | ||
NetApp Service Processor | =2.4 | |
NetApp Service Processor | =3.2 | |
NetApp Clustered Data ONTAP | =9.0 | |
All of | ||
Any of | ||
NetApp Service Processor | =2.3.2 | |
NetApp Service Processor | =2.3.2-patch1 | |
NetApp Service Processor | =2.3.2-patch2 | |
NetApp Service Processor | =2.3.2-patch3 | |
NetApp Service Processor | =3.1.2 | |
NetApp Service Processor | =3.1.2-patch1 | |
NetApp Service Processor | =3.1.2-patch2 | |
NetApp Clustered Data ONTAP | =8.3 | |
All of | ||
Any of | ||
NetApp Service Processor | =2.2.5 | |
NetApp Service Processor | =3.0.4 | |
NetApp Clustered Data ONTAP | =8.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this NetApp Service Processor firmware vulnerability is CVE-2019-5490.
Certain versions between 2.x to 5.x of the NetApp Service Processor firmware are affected by this vulnerability.
The severity of the CVE-2019-5490 vulnerability is critical with a severity value of 9.8.
To fix the CVE-2019-5490 vulnerability, affected platforms should be upgraded to a fixed version of the NetApp Service Processor firmware.
More information about the CVE-2019-5490 vulnerability can be found in the advisory provided by NetApp.