Remote Access Vulnerability in NetApp OnCommand Insight Data Warehouse Component
CVE-2017-5600

9.8CRITICAL

Key Information:

Vendor: Netapp
Status: Oncommand Insight
Vendor: CVE Published:; 2 February 2017

What is CVE-2017-5600?

The Data Warehouse component in NetApp OnCommand Insight prior to version 7.2.3 is vulnerable to a security flaw that enables remote attackers to gain administrative access. This vulnerability arises from the existence of a default privileged account that has not been adequately secured. As a result, unauthorized users can exploit this weakness to execute potentially harmful actions within the system, making it essential for users to upgrade to the latest version to mitigate this risk.

References

https://kb.netapp.com/support/s/article/NTAP-20170131-0001

x_refsource_CONFIRM

http://www.securityfocus.com/bid/96041

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2017
Vulnerability Reserved
Jan 27, 2017

Netapp

What is CVE-2017-5600?

References

CVSS V3.1

Timeline