What is CVE-2019-17274?

CVE-2019-17274 is a high-severity vulnerability in Netapp All_flash_fabric-attached_storage_a400, classified under Initialization of a Resource with an Insecure Default. CVSS score: 7.8/10. Published 2020-02-26.

How severe is CVE-2019-17274?

High severity. CVSS v3 base score is 7.8 out of 10.

RCE in Netapp All_flash_fabric-attached_storage_a400

CVE-2019-17274

NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.

EPSS: 0.006 (43.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

CWE-1188 — Initialization of a Resource with an Insecure Default

References

security-alert@netapp.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2019-17274?: CVE-2019-17274 is a high-severity vulnerability in Netapp All_flash_fabric-attached_storage_a400, classified under Initialization of a Resource with an Insecure Default. CVSS score: 7.8/10. Published 2020-02-26.
How severe is CVE-2019-17274?: High severity. CVSS v3 base score is 7.8 out of 10.