CVE-2019-17274

HIGH

NetApp FAS 8300/8700 and AFF A400 BMC - Command Injection

Title source: llm

Description

NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.

References (1)

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20200226-0001/

Scores

CVSS v3 7.8

EPSS 0.0019

EPSS Percentile 40.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (3)

netapp/all_flash_fabric-attached_storage_a400_firmware < 13.1

netapp/fabric-attached_storage_8300_firmware < 13.1

netapp/fabric-attached_storage_8700_firmware < 13.1

Published Feb 26, 2020

Tracked Since Feb 18, 2026