NetApp OnCommand Insight up to 7.2.2 Data Warehouse access control
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.7 | $0-$5k | 0.00 |
A vulnerability classified as critical was found in NetApp OnCommand Insight up to 7.2.2. This vulnerability affects some unknown processing of the component Data Warehouse. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.
The bug was discovered 01/31/2017. The weakness was presented 02/02/2017 (Website). The advisory is shared for download at securityfocus.com. This vulnerability was named CVE-2017-5600 since 01/27/2017. The attack can be initiated remotely. Required for exploitation is a single authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.
The vulnerability was handled as a non-public zero-day exploit for at least 2 days. During that time the estimated underground price was around $0-$5k.
Upgrading to version 7.2.3 eliminates this vulnerability.
Product
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.0VulDB Meta Temp Score: 7.9
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: OnCommand Insight 7.2.3
Timeline
01/27/2017 🔍01/31/2017 🔍
01/31/2017 🔍
02/02/2017 🔍
02/02/2017 🔍
02/03/2017 🔍
08/10/2020 🔍
Sources
Vendor: netapp.comAdvisory: securityfocus.com⛔
Status: Not defined
Confirmation: 🔍
CVE: CVE-2017-5600 (🔍)
SecurityFocus: 96041 - NetApp OnCommand Insight Data Warehouse CVE-2017-5600 Security Bypass Vulnerability
OSVDB: - CVE-2017-5600 - NetApp - OnCommand Insight - Default Account Issue
Entry
Created: 02/03/2017 10:02Updated: 08/10/2020 09:12
Changes: 02/03/2017 10:02 (59), 08/10/2020 09:12 (6)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.