Improper Enforcement of Export Policies in NetApp's Data ONTAP Product
CVE-2018-5490

8.8HIGH

Key Information:

Vendor: Netapp
Status: Clustered Data Ontap
Vendor: CVE Published:; 3 August 2018

What is CVE-2018-5490?

In certain early versions of NetApp's Clustered Data ONTAP 8.3, read-only export policy rules were not adequately enforced, allowing authenticated SMBv2 and SMBv3 clients to gain more than the intended read-only access. This issue has been rectified in the general availability (GA) release of Data ONTAP 8.3. Users operating on prior release candidates are strongly advised to update their systems to safeguard against unauthorized access.

Affected Version(s)

Clustered Data ONTAP 8.3 Release Candidate versions

References

https://security.netapp.com/advisory/ntap-20150324-0001/

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2018
Vulnerability Reserved
Jan 12, 2018

Netapp

What is CVE-2018-5490?

Affected Version(s)

References

CVSS V3.1

Timeline