CVE-2020-8573
Summary
| CVE | CVE-2020-8573 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-06-29 14:15:00 UTC |
| Updated | 2020-07-17 23:15:00 UTC |
| Description | The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value which could allow remote attackers to cause a Denial of Service (DoS). |
Risk And Classification
Problem Types: CWE-798
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Netapp | Hci H610s | - | All | All | All |
| Hardware | Netapp | Hci H610s | - | All | All | All |
| Operating System | Netapp | Hci H610s Firmware | - | All | All | All |
| Operating System | Netapp | Hci H610s Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2020-8573 Default Account Vulnerability in the NetApp HCI Baseboard Management Controller (BMC) - H610C, H615C and H610S | NetApp Product Security | MISC | security.netapp.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.