Hostname Verification Bypass in NetApp Clustered Data ONTAP
CVE-2019-5506

5.9MEDIUM

Key Information:

Vendor
Netapp
Status
Clustered Data Ontap
Vendor
CVE Published:
9 October 2019

Summary

NetApp's Clustered Data ONTAP, starting from version 9.0, has a vulnerability due to a lack of hostname verification in specific scenarios. This flaw allows attackers to perform impersonation through man-in-the-middle attacks, potentially compromising the security of data communication. Proper hostname verification is essential to prevent unauthorized access and ensure the integrity of data exchanges.

Affected Version(s)

Clustered Data ONTAP 9.0 and higher

References

https://security.netapp.com/advisory/ntap-20191009-0003/
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-5506 : Hostname Verification Bypass in NetApp Clustered Data ONTAP | SecurityVulnerability.io