Lucene search

[email protected]CVE-2021-27001

HistoryOct 19, 2021 - 3:15 p.m.

CVE-2021-27001

2021-10-1915:15:07

[email protected]

web.nvd.nist.gov

clustered data ontap

vulnerability

cve-2021-27001

nvd

compliance-mode worm data

retention period

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.

Affected configurations

NVD

Node

netappclustered_data_ontapRange9.0–9.4

netappclustered_data_ontapMatch9.5-

netappclustered_data_ontapMatch9.5p12

netappclustered_data_ontapMatch9.5p13

netappclustered_data_ontapMatch9.5p14

netappclustered_data_ontapMatch9.5p15

netappclustered_data_ontapMatch9.5p16

netappclustered_data_ontapMatch9.5p17

netappclustered_data_ontapMatch9.5p6

netappclustered_data_ontapMatch9.5p8

netappclustered_data_ontapMatch9.5p9

netappclustered_data_ontapMatch9.6-

netappclustered_data_ontapMatch9.6p1

netappclustered_data_ontapMatch9.6p12

netappclustered_data_ontapMatch9.6p15

netappclustered_data_ontapMatch9.6p3

netappclustered_data_ontapMatch9.6p4

netappclustered_data_ontapMatch9.6p7

netappclustered_data_ontapMatch9.6p8

netappclustered_data_ontapMatch9.6p9

netappclustered_data_ontapMatch9.7-

netappclustered_data_ontapMatch9.7p12

netappclustered_data_ontapMatch9.7p13

netappclustered_data_ontapMatch9.7p14

netappclustered_data_ontapMatch9.7p7

netappclustered_data_ontapMatch9.7p9

netappclustered_data_ontapMatch9.7rc1

netappclustered_data_ontapMatch9.8-

netappclustered_data_ontapMatch9.8p3

netappclustered_data_ontapMatch9.8p5

netappclustered_data_ontapMatch9.9.1-

CPENameOperatorVersion
netapp:clustered_data_ontapnetapp clustered data ontaple9.4
netapp:clustered_data_ontapnetapp clustered data ontapeq9.5
netapp:clustered_data_ontapnetapp clustered data ontapeq9.6
netapp:clustered_data_ontapnetapp clustered data ontapeq9.7
netapp:clustered_data_ontapnetapp clustered data ontapeq9.8
netapp:clustered_data_ontapnetapp clustered data ontapeq9.9.1

CPE	Name	Operator	Version
netapp:clustered_data_ontap	netapp clustered data ontap	le	9.4
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.5
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.6
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.7
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.8
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.9.1

CNA Affected

[
  {
    "product": "Clustered Data ONTAP",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2"
      }
    ]
  }
]

References

security.netapp.com/advisory/ntap-20211018-0001

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-27001

nvd1 cvelist1 prion1