CVE-2018-5498 - Vulnerability Details - OpenCVE

Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netapp	Clustered Data Ontap

Configuration 1 [-]

cpe:2.3:a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.netapp.com/advisory/ntap-20190115-0001/

History

No history.

MITRE

Status: PUBLISHED

Assigner: netapp

Published: 2019-02-01T16:00:00Z

Updated: 2024-09-17T01:41:44.338Z

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5498

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-02-01T16:29:00.410

Modified: 2024-11-21T04:08:55.260

Link: CVE-2018-5498

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Clustered Data ONTAP", "vendor": "NetApp", "versions": [{"status": "affected", "version": "Versions 9.0 and higher"}]}], "datePublic": "2019-01-15T00:00:00", "descriptions": [{"lang": "en", "value": "Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-02-01T15:57:01", "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190115-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@netapp.com", "DATE_PUBLIC": "2019-01-15T00:00:00", "ID": "CVE-2018-5498", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Clustered Data ONTAP", "version": {"version_data": [{"version_value": "Versions 9.0 and higher"}]}}]}, "vendor_name": "NetApp"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://security.netapp.com/advisory/ntap-20190115-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190115-0001/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:40:50.572Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190115-0001/"}]}]}, "cveMetadata": {"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "assignerShortName": "netapp", "cveId": "CVE-2018-5498", "datePublished": "2019-02-01T16:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-17T01:41:44.338Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "08358142-EA56-43EE-BA79-C73758C0774C", "versionEndIncluding": "9.4", "versionStartIncluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access."}, {"lang": "es", "value": "Clustered Data ONTAP, desde la versi\u00f3n 9.0 hasta la 9.4, es susceptible a una vulnerabilidad que permite a los atacantes autenticados de manera remota provocar una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en entornos NFS y SMB. La explotaci\u00f3n de esta vulnerabilidad permitir\u00e1 a un atacante remoto autenticado causar una denegaci\u00f3n de servicio (DoS) en las versiones afectadas de Clustered Data ONTAP que est\u00e9n configuradas para el acceso multiprotocolo."}], "id": "CVE-2018-5498", "lastModified": "2024-11-21T04:08:55.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-01T16:29:00.410", "references": [{"source": "security-alert@netapp.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190115-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190115-0001/"}], "sourceIdentifier": "security-alert@netapp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}