Vulnerability Details CVE-2019-17274
NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
Products affected by CVE-2019-17274
-
cpe:2.3:h:netapp:all_flash_fabric-attached_storage_a400:-
-
cpe:2.3:h:netapp:fabric-attached_storage_8300:-
-
cpe:2.3:h:netapp:fabric-attached_storage_8700:-
-
cpe:2.3:o:netapp:all_flash_fabric-attached_storage_a400_firmware:-
-
cpe:2.3:o:netapp:all_flash_fabric-attached_storage_a400_firmware:13.1
-
cpe:2.3:o:netapp:fabric-attached_storage_8300_firmware:-
-
cpe:2.3:o:netapp:fabric-attached_storage_8300_firmware:13.1
-
cpe:2.3:o:netapp:fabric-attached_storage_8700_firmware:-
-
cpe:2.3:o:netapp:fabric-attached_storage_8700_firmware:13.1