PT-2020-20216 · NetApp · NetApp HCI H610C +1
Published: 2020-06-29 · Updated: 2020-07-17 · CVE-2020-8573
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
NetApp HCI H610C, H615C, and H610S Baseboard Management Controllers (BMC) versions prior to the version where the default password reset issue is fixed
Description
The issue concerns a default account and password in the NetApp HCI H610C, H615C, and H610S Baseboard Management Controllers (BMC) that gets reset during upgrades to certain versions, potentially allowing remote attackers to cause a Denial of Service (DoS).
Recommendations
For NetApp HCI H610C, H615C, and H610S Baseboard Management Controllers (BMC), change the default account password during the initial node setup and after any upgrades to prevent the use of default credentials.
As a temporary workaround, consider restricting remote access to the BMC until the default password can be changed to a unique value.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
NetApp HCI H610C
NetApp HCI H615C