NetApp SANtricity Products CVE-2018-5488 Remote Code Execution Vulnerability

Bugtraq ID:	104462
Class:	Unknown
CVE:	CVE-2018-5488
Remote:	Yes
Local:	No
Published:	Jun 12 2018 12:00AM
Updated:	Jun 12 2018 12:00AM
Credit:	NetApp
Vulnerable:	NetApp SANtricity Web Services Proxy 2.12.X000.0002 NetApp SANtricity Web Services Proxy 1.10.x000.0002 NetApp SANtricity Storage Manager 11.42.0X00.0001 NetApp SANtricity Storage Manager 11.30.0X00.0004
Not Vulnerable:	NetApp SANtricity Web Services Proxy 2.13 NetApp SANtricity Storage Manager 11.42.0X00.0003

NetApp SANtricity Products CVE-2018-5488 Remote Code Execution Vulnerability

NetApp SANtricity Products are prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition.
The following versions are affected:
NetApp SANtricity Web Services Proxy 1.10.x000.0002 through 2.12.X000.0002
NetApp SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001

NetApp SANtricity Products CVE-2018-5488 Remote Code Execution Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

NetApp SANtricity Products CVE-2018-5488 Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

NetApp SANtricity Products CVE-2018-5488 Remote Code Execution Vulnerability

References:

• NetApp Homepage (NetApp)
  
• CVE-2018-5488 Unauthenticated Remote Code Execution Vulnerability in SANtricity (NetApp)