Cryptographic Weakness in Data ONTAP by NetApp
CVE-2019-5502

9.1CRITICAL

Key Information:

Vendor
Netapp
Status
Data Ontap Operating In 7-mode
Vendor
CVE Published:
5 August 2019

Summary

The Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 contains a vulnerability related to insufficient cryptography in its SMB implementation. Exploiting this weakness could potentially allow attackers to access sensitive data, leading to information disclosure or unauthorized alteration of data. It is crucial for users of affected versions to upgrade to the latest release to mitigate these risks.

Affected Version(s)

Data ONTAP operating in 7-Mode Below 8.2.5P3

References

https://security.netapp.com/advisory/ntap-20190802-0002/
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-5502 : Cryptographic Weakness in Data ONTAP by NetApp | SecurityVulnerability.io