PT-2018-16988 · Netapp+1 · Netapp Santricity Web Services Proxy+2

Published: 2018-06-13 · Updated: 2018-08-11 · CVE-2018-5488

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002
NetApp SANtricity Storage Manager versions 11.30.0X00.0004 through 11.42.0X00.0001

Description

The issue concerns the Java Management Extension Remote Method Invocation (JMX RMI) service being bound to the network, making the software susceptible to unauthenticated remote code execution.

Recommendations

For NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002, consider disabling the JMX RMI service until a patch is available. For NetApp SANtricity Storage Manager versions 11.30.0X00.0004 through 11.42.0X00.0001, restrict access to the JMX RMI service to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related identifiers

CVE-2018-5488

Affected products

Java Management Extension Remote Method Invocation
Netapp Santricity Storage Manager
Netapp Santricity Web Services Proxy