Unauthenticated Remote Code Execution in NetApp E-Series SANtricity OS Controller Software
CVE-2018-5492

9.8CRITICAL

Key Information:

Vendor: Netapp
Status: E-series Santricity Os Controller Software
Vendor: CVE Published:; 4 October 2018

What is CVE-2018-5492?

The NetApp E-Series SANtricity OS Controller Software versions 11.30 and later, including 11.30.5, are exposed to a vulnerability that allows unauthenticated users to execute remote code. This flaw could potentially enable attackers to gain unauthorized access, compromise system integrity, and execute malicious commands without any authentication. Immediate actions are recommended to mitigate this risk.

Affected Version(s)

E-Series SANtricity OS Controller Software 11.30.5

References

https://security.netapp.com/advisory/ntap-20181003-0001/

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2018
Vulnerability Reserved
Jan 12, 2018

Netapp

What is CVE-2018-5492?

Affected Version(s)

References

CVSS V3.1

Timeline