Description
Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
Published: 2026-06-03
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Active IQ Config Advisor version 6.7.3 contains hard‑coded credentials that allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.

Affected Systems

NetApp Active IQ Config Advisor 6.7.3.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The EPSS score of <1% indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. This flaw requires authenticated low‑privilege access to invoke AutoSupport functionality, giving the attacker the ability to trigger support processes.

Generated by OpenCVE AI on June 4, 2026 at 17:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security update for NetApp Active IQ Config Advisor to remove hard‑coded credentials.
  • Configure AutoSupport operations to use least‑privilege accounts and restrict the credential scope to only those services that require it.
  • Manually audit and delete any residual hard‑coded credential files or configurations, and replace them with secure secret management solutions.

Generated by OpenCVE AI on June 4, 2026 at 17:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Netapp
Netapp active Iq Config Advisor
Vendors & Products Netapp
Netapp active Iq Config Advisor

Thu, 04 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Title Hard‑coded Credentials Enable Unauthorized AutoSupport Operations in NetApp Active IQ Config Advisor

Thu, 04 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Title Hard‑coded Credentials Allow Unauthorized AutoSupport Operations in NetApp Active IQ Config Advisor 6.7.3
Weaknesses CWE-798

Thu, 04 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-259
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Hard‑coded Credentials Allow Unauthorized AutoSupport Operations in NetApp Active IQ Config Advisor 6.7.3
Weaknesses CWE-798

Wed, 03 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Description Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N'}

Subscriptions

Netapp Active Iq Config Advisor
cve-icon MITRE

Status: PUBLISHED

Assigner: netapp

Published:

Updated: 2026-06-04T13:14:19.526Z

Reserved: 2026-01-05T22:47:18.702Z

Link: CVE-2026-22054

cve-icon Vulnrichment

Updated: 2026-06-04T13:14:08.841Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-03T22:16:34.343

Modified: 2026-06-04T15:48:43.743

Link: CVE-2026-22054

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T10:11:17Z

Weaknesses
  • CWE-259

    Use of Hard-coded Password