Description
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190305-0001/
Various Sources x_refsource_confirm
http://support.lenovo.com/us/en/solutions/LEN-26771
Scores
CVSS v3
9.8
EPSS
0.0349
EPSS Percentile
87.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-1188
Status
published
Products (18)
netapp/service_processor
2.8
netapp/service_processor
3.7
netapp/service_processor
4.5
netapp/service_processor
5.5
netapp/service_processor
2.5
netapp/service_processor
3.4 (3 CPE variants)
netapp/service_processor
4.2 (3 CPE variants)
netapp/service_processor
5.2 (2 CPE variants)
netapp/service_processor
2.4.1 (2 CPE variants)
netapp/service_processor
3.3 (5 CPE variants)
... and 8 more
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026