Cryptographic issues in NetApp Data ONTAP operating in 7-Mode



Published: 2019-08-05 | Updated: 2019-08-07
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-5502
CWE-ID CWE-310
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Data ONTAP operating in 7-Mode
Operating systems & Components / Operating system package or component

Vendor NetApp

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Cryptographic issues

EUVDB-ID: #VU19954

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5502

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the weak cryptography in the SMB. A remote attacker can gain access to sensitive information and add or modify the data on the target system.

Successful exploitation of this vulnerability could potentially lead to information disclosure or addition or modification of data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Data ONTAP operating in 7-Mode: before 8.2.5P3

External links

http://security.netapp.com/advisory/ntap-20190802-0002/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###