CyberSec.Space Logo
Back to CVE Browser

CVE-2018-5490

HIGH
8.8
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile26.06th
PublishedAug 3, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.

Affected Platforms (CPE)

📦
Netapp

Clustered Data Ontap

< 8.3

References & Advisories

🔗 https://security.netapp.com/advisory/ntap-20150324-0001/
🔗 https://security.netapp.com/advisory/ntap-20150324-0001/

Related Vulnerabilities

CVE-2016-66679.8

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows rem...

CVE-2017-124208.8

Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote...

CVE-2017-124218.8

NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage contr...

CVE-2016-69048.1

Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. Thi...