Code Injection Vulnerability in ONTAP Select Deploy Administration Utility by NetApp
CVE-2019-5509

9.8CRITICAL

Key Information:

Vendor
Netapp
Status
Ontap Select Deploy Administration Utility
Vendor
CVE Published:
21 November 2019

Summary

The ONTAP Select Deploy administration utility, specifically versions 2.11.2 through 2.12.2, is exposed to a code injection vulnerability. When an attacker exploits this vulnerability, they can gain unauthorized access and potentially escalate their privileges to control a privileged user account. This allows for significant risk to the integrity and confidentiality of data managed by the utility.

Affected Version(s)

ONTAP Select Deploy administration utility 2.11.2 through 2.12.2

References

https://security.netapp.com/advisory/ntap-20191121-0001/
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-5509 : Code Injection Vulnerability in ONTAP Select Deploy Administration Utility by NetApp | SecurityVulnerability.io