PT-2018-16990 · Netapp · Netapp Clustered Data Ontap

Published

2018-08-03

Updated

2019-10-03

CVE-2018-5490

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NetApp Clustered Data ONTAP versions prior to 8.3 GA

Description The issue concerns the incorrect enforcement of Read-Only export policy rules, potentially allowing more than read-only access from authenticated SMBv2 and SMBv3 clients. This has been resolved in the GA release.

Recommendations For versions prior to 8.3 GA, update the system to the NetApp Data ONTAP 8.3 GA release to resolve the issue.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-5490

Affected Products

Netapp Clustered Data Ontap

PT-2018-16990 · Netapp · Netapp Clustered Data Ontap

CVE-2018-5490

Weakness Enumeration

Related Identifiers

Affected Products

References · 3