CVE-2018-5490: Incorrect Permission Assignment in Clustered Data ONTAP

Severity: 8.8 HIGH (NVD)
EPSS: 0.3% (top 46.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 3
Latest update: May 13

Description

Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: netapp/clustered_data_ontap, 8.3 Release Candidate versions

🔴 Vulnerability Details (2)

GHSA: GHSA-wq6r-8qf6-65vc: Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8 (2022-05-13)
CVEList: CVE-2018-5490: Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8 (2018-08-03)

💬 Community (1)

Bugzilla: CVE-2018-1000037 mupdf: multiple reachable assertions in the PDF parser (2018-05-24)