CVE-2019-5497

CRITICAL

NetApp AFF A700s BMC - Command Injection

Title source: llm

Description

NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.

References (1)

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20190627-0001/

Scores

CVSS v3 9.8

EPSS 0.0096

EPSS Percentile 76.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (2)

netapp/aff_a700s_firmware 1.22

netapp/clustered_data_ontap

Published Jul 01, 2019

Tracked Since Feb 18, 2026