{"status":"success","advisory":{"_id":"683547265b16347a91c39df4","kb_acknowledgements":null,"kb_affected_list":["FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800","Service Processor"],"kb_bad_data":false,"kb_cve":["CVE-2019-5500"],"kb_exploitation":"Public","kb_fixes":[{"product":"Service Processor","fixes":[{"link":"https://mysupport.netapp.com/site/downloads/firmware/system-firmware-diagnostics","cves":[]}],"instructions":"Fixed by bug 1069362.\r\nFirst fixed versions include the following: 4.1P3,4.3,5.3,5.1P3,5.1P2,5.4,5.1,4.1P4","wontfix":false,"eos_link":null},{"product":"FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800","fixes":[{"link":"https://mysupport.netapp.com/site/downloads/firmware/system-firmware-diagnostics","cves":[]}],"instructions":"Fixed by bug 1245265. \r\nFirst fixed versions include the following: 11.4","wontfix":false,"eos_link":null}],"kb_impact":"Exploitation of this vulnerability can allow an attacker to cause a Denial of Service (DoS) on Storage Systems containing affected Service Processor or Baseboard Management Controller firmware.\r\n<br><br>\r\nAffected Platforms: FAS26x0, FAS27x0, FAS8200 or AFF C190, AFF A200, AFF A220, AFF A300\r\n<br><br>\r\nThe vulnerability is addressed by applying patched Service Processor or BMC firmware. An ONTAP update is not required. \r\n<br><br>\r\nWhile the Service Processor and BMC firmware updates require a reboot of the Service Processor or BMC, the process is non-disruptive to ONTAP. ","kb_internal_notes":[{"burt":"1245265","jira":"","product":"FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800"},{"burt":"1069362","jira":"","product":"Service Processor"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://kb.netapp.com/app/answers/answer_view/a_id/1088404","http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=1083414","http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=1217187","http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=1226558","http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=1243613","http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=1245265"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20190802","version":"1.0"},{"comment":"FAS/AFF Baseboard Management Controller (BMC) added to Software Versions and Fixes, Final status","date":"20191105","version":"2.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2019-5500":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2019-5500","range":"HIGH","score":7.5,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"kb_status":"Final","kb_summary":"Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS).","kb_title":"CVE-2019-5500 Denial of Service (DoS) Vulnerability in the NetApp Service Processor and Baseboard Management Controller","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp HCI Compute Node (Bootstrap OS)","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)","NetApp Storage Encryption","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Workflow Automation","Open Systems SnapVault Agent","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapDrive for Unix","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","System Manager 9.x"],"kb_workarounds":"If possible, the service (wrench) port should be attached to a management network where it would experience lower traffic volume. Contact NetApp Support for help in implementing this solution. ","ntap_advisory_id":"NTAP-20190802-0003","adv_id":"ntap-20190802-0003","published_date":"2019-08-02T00:00:00","updated_date":"2019-11-05T00:00:00","inserted_date":"2025-05-27T05:01:26.610000","modified_date":null}}