Hostname Verification Bypass in NetApp Clustered Data ONTAP
CVE-2019-5506

5.9MEDIUM

Key Information:

Vendor: Netapp
Status: Clustered Data Ontap
Vendor: CVE Published:; 9 October 2019

What is CVE-2019-5506?

NetApp's Clustered Data ONTAP, starting from version 9.0, has a vulnerability due to a lack of hostname verification in specific scenarios. This flaw allows attackers to perform impersonation through man-in-the-middle attacks, potentially compromising the security of data communication. Proper hostname verification is essential to prevent unauthorized access and ensure the integrity of data exchanges.

Affected Version(s)

Clustered Data ONTAP 9.0 and higher

References

https://security.netapp.com/advisory/ntap-20191009-0003/

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2019
Vulnerability Reserved
Jan 7, 2019

Netapp

What is CVE-2019-5506?

Affected Version(s)

References

CVSS V3.1

Timeline