Code Injection Vulnerability in ONTAP Select Deploy Administration Utility by NetApp
CVE-2019-5509

9.8CRITICAL

Key Information:

Vendor: Netapp
Status: Ontap Select Deploy Administration Utility
Vendor: CVE Published:; 21 November 2019

What is CVE-2019-5509?

The ONTAP Select Deploy administration utility, specifically versions 2.11.2 through 2.12.2, is exposed to a code injection vulnerability. When an attacker exploits this vulnerability, they can gain unauthorized access and potentially escalate their privileges to control a privileged user account. This allows for significant risk to the integrity and confidentiality of data managed by the utility.

Affected Version(s)

ONTAP Select Deploy administration utility 2.11.2 through 2.12.2

References

https://security.netapp.com/advisory/ntap-20191121-0001/

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2019
Vulnerability Reserved
Jan 7, 2019

Netapp

What is CVE-2019-5509?

Affected Version(s)

References

CVSS V3.1

Timeline