Vulnerability Name: CVE-2020-8573 (CCN-184112)

Assigned: 2020-06-26
Published: 2020-06-26
Updated: 2020-07-17
Summary: The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92, the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value, which could allow remote attackers to cause a Denial of Service (DoS).
CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.6 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): High
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
8.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Complete
Vulnerability Type: CWE-798
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2020-8573

Source: XF
Type: UNKNOWN
netapp-cve20208573-dos(184112)

Source: CCN
Type: NetApp Advisory Number NTAP-20200626-0001
CVE-2020-8573 Default Account Vulnerability in the NetApp HCI Baseboard Management Controller (BMC) - H610S

Source: MISC
Type: Vendor Advisory
https://security.netapp.com/advisory/ntap-20200626-0001/

Vulnerable Configuration: Configuration 1:
  • cpe:/o:netapp:hci_h610s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:hci_h610s:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    netapp hci h610s firmware -
    netapp hci h610s -