CVE-2019-18805

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0740	Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11	Mailing List Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78	Mailing List Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20191205-0001/	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0740	Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11	Mailing List Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78	Mailing List Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20191205-0001/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc6::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc7::::::

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

Configuration 3 (hide)

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:data_availability_services:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
	cpe:2.3:h:netapp:hci_compute_node:-:::::::*
	cpe:2.3:h:netapp:hci_storage_node:-:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:33

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html - Mailing List, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html - Mailing List, Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2020:0740 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2020:0740 - Third Party Advisory
References	~~() https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 - Mailing List, Patch, Vendor Advisory~~	() https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 - Mailing List, Patch, Vendor Advisory
References	~~() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78 - Mailing List, Patch, Vendor Advisory~~	() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78 - Mailing List, Patch, Vendor Advisory
References	~~() https://security.netapp.com/advisory/ntap-20191205-0001/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20191205-0001/ - Third Party Advisory

22 Jun 2021, 14:47

Type	Values Removed	Values Added
CPE	cpe:2.3:o:netapp:brocade_fabric_os:-:::::::*	cpe:2.3:o:broadcom:fabric_operating_system:-:::::::*

02 Jun 2021, 15:29

Type	Values Removed	Values Added
References	~~(MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 - Mailing List, Vendor Advisory~~	(MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 - Mailing List, Patch, Vendor Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html - Mailing List, Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20191205-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20191205-0001/ - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2020:0740 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2020:0740 - Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html - Mailing List, Third Party Advisory
CPE		cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere:: cpe:2.3:o:netapp:fas8700_firmware:-:::::::* cpe:2.3:h:netapp:fas8700:-:::::::* cpe:2.3:o:linux:linux_kernel:5.1:rc6:::::: cpe:2.3:o:opensuse:leap:15.0:::::::* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::* cpe:2.3:o:netapp:brocade_fabric_os:-:::::::* cpe:2.3:o:linux:linux_kernel:5.1:rc7:::::: cpe:2.3:o:netapp:aff_a400_firmware:-:::::::* cpe:2.3:a:netapp:hci_management_node:-:::::::* cpe:2.3:a:netapp:data_availability_services:-:::::::* cpe:2.3:h:netapp:aff_a400:-:::::::* cpe:2.3:o:netapp:h610s_firmware:-:::::::* cpe:2.3:h:netapp:fas8300:-:::::::* cpe:2.3:a:netapp:solidfire:-:::::::* cpe:2.3:h:netapp:hci_compute_node:-:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:netapp:aff_a700s_firmware:-:::::::* cpe:2.3:h:netapp:hci_storage_node:-:::::::* cpe:2.3:o:linux:linux_kernel:5.1:rc5:::::: cpe:2.3:o:linux:linux_kernel:5.1:rc1:::::: cpe:2.3:a:netapp:e-series_santricity_os_controller:::::::: cpe:2.3:o:linux:linux_kernel:5.1:rc2:::::: cpe:2.3:h:netapp:h610s:-:::::::* cpe:2.3:o:linux:linux_kernel:5.1:rc3:::::: cpe:2.3:o:netapp:fas8300_firmware:-:::::::* cpe:2.3:h:netapp:aff_a700s:-:::::::* cpe:2.3:o:opensuse:leap:15.1:::::::* cpe:2.3:o:linux:linux_kernel:5.1:rc4::::::

Information

Published : 2019-11-07 14:15

Updated : 2024-11-21 04:33

NVD link : CVE-2019-18805

Mitre link : CVE-2019-18805

CVE.ORG link : CVE-2019-18805

JSON object : View

Products Affected

netapp

aff_a400_firmware
fas8700_firmware
h610s
fas8300_firmware
hci_storage_node
hci_management_node
fas8300
fas8700
e-series_santricity_os_controller
h610s_firmware
active_iq_unified_manager
steelstore_cloud_integrated_storage
data_availability_services
hci_compute_node
solidfire
aff_a700s_firmware
aff_a400
aff_a700s

opensuse

leap

linux

linux_kernel

broadcom

fabric_operating_system

redhat

enterprise_linux

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2019-18805", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-11-07T14:15:11.067", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0740", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20191205-0001/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0740", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20191205-0001/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el archivo net/ipv4/sysctl_net_ipv4.c en el kernel de Linux versiones anteriores a 5.0.11. Se presenta un desbordamiento de enteros firmado del archivo net/ipv4/tcp_input.c en la funci\u00f3n tcp_ack_update_rtt() cuando el espacio de usuario escribe un entero muy grande en /proc/sys/net/ipv4/tcp_min_rtt_wlen, lo que conlleva a una denegaci\u00f3n de servicio o posiblemente a otro impacto no especificado, tambi\u00e9n se conoce como CID -19fad20d15a6."}], "lastModified": "2024-11-21T04:33:36.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49884052-E8FD-49E4-A9F3-D0964EB0AC31", "versionEndExcluding": "4.4.180", "versionStartIncluding": "4.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF6AB36D-D9AC-4381-88AF-CC4FDA5EC98E", "versionEndExcluding": "4.9.172", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3562ABD-4F11-4BD1-9BBD-417B7BC9BCF3", "versionEndExcluding": "4.14.115", "versionStartIncluding": "4.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48FBE002-61C1-4569-B850-E15BD2DBA143", "versionEndExcluding": "4.19.38", "versionStartIncluding": "4.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C23FEFDF-76B5-46C0-9481-CE70EBDB7BFE", "versionEndExcluding": "5.0.11", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2258D313-BAF7-482D-98E0-79F2A448287B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1578A37C-C7CC-4B36-8668-6A1AED63B0A8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49BD6839-AB64-48DA-9D1D-18B4508AF652"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1E5129A-F85C-432A-988D-6C3ED03EC04D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0669A9F1-3BFF-4E5A-BEF7-9F2A627CEF03"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CC18FCC-3F69-4A7E-9F29-4C4504E83B4D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12A5D914-5CEB-4D3F-A903-6F1FAD82A125"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"}, {"criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD"}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", "versionEndIncluding": "11.60.3", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"}, {"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B"}, {"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521"}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9FED1B0D-F901-413A-85D9-05D4C427570D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89706810-031B-49F0-B353-FD27FD7B2776"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDD1E822-1EA6-4E62-A58B-2378149D20DC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3E70A56-DBA8-45C7-8C49-1A036501156F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

9.8 /10