Remote Code Execution Vulnerability in NetApp OnCommand Unified Manager for Linux
CVE-2018-5487

9.8CRITICAL

Key Information:

Vendor: Netapp
Status: Oncommand Unified Manager For Linux
Vendor: CVE Published:; 24 May 2018

Summary

The NetApp OnCommand Unified Manager for Linux versions 7.2 and 7.3 contain a vulnerability where the Java Management Extension Remote Method Invocation (JMX RMI) service is exposed to the network. This exposure allows potential attackers to execute remote code without authentication, posing a serious security risk to affected systems.

Affected Version(s)

OnCommand Unified Manager for Linux Versions 7.2 through 7.3

References

https://security.netapp.com/advisory/ntap-20180523-0001/

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2018
Vulnerability Reserved
Jan 12, 2018