CVE-2019-5504 — Missing Authentication for Critical Function in Ontap Select Deploy Administration Utility

CWE-306 — Missing Authentication for Critical Function CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

1.2%

top 20.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Ontap Select Deploy Administration Utility

Timeline

PublishedSep 24

Latest updateMay 24

Description

ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5netapp/ontap_select_deploy_administration_utilityVersions 2.12 & 2.12.1

▶NVDnetapp/ontap_select_deploy_administration_utility2.12, 2.12.1+1

Patches

Patch: security.netapp.com ↗Patch: security.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-7429-r2ff-6vjc: ONTAP Select Deploy administration utility versions 2↗2022-05-24

▶

CVEList

CVE-2019-5504: ONTAP Select Deploy administration utility versions 2↗2019-09-24

▶