Lucene search

NetappCVE-2022-23235

HistoryAug 25, 2022 - 6:15 p.m.

CVE-2022-23235

2022-08-2518:15:09

netapp

web.nvd.nist.gov

cve-2022-23235

active iq unified manager

vulnerability

unauthorized access

telemetry data

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

31.3%

JSON

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.

Affected configurations

Nvd

Node

netappactive_iq_unified_managerRange<9.10linux

netappactive_iq_unified_managerRange<9.10vmware_vsphere

netappactive_iq_unified_managerRange<9.10windows

netappactive_iq_unified_managerMatch9.10-linux

netappactive_iq_unified_managerMatch9.10-vmware_vsphere

netappactive_iq_unified_managerMatch9.10-windows

VendorProductVersionCPE
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
netappactive_iq_unified_manager9.10cpe:2.3:a:netapp:active_iq_unified_manager:9.10:-:*:*:*:linux:*:*
netappactive_iq_unified_manager9.10cpe:2.3:a:netapp:active_iq_unified_manager:9.10:-:*:*:*:vmware_vsphere:*:*
netappactive_iq_unified_manager9.10cpe:2.3:a:netapp:active_iq_unified_manager:9.10:-:*:*:*:windows:*:*

Vendor	Product	Version	CPE
netapp	active_iq_unified_manager	*	cpe:2.3:a:netapp:active_iq_unified_manager::::::linux::*
netapp	active_iq_unified_manager	*	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*
netapp	active_iq_unified_manager	*	cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*
netapp	active_iq_unified_manager	9.10	cpe:2.3:a:netapp:active_iq_unified_manager:9.10:-::::linux::*
netapp	active_iq_unified_manager	9.10	cpe:2.3:a:netapp:active_iq_unified_manager:9.10:-::::vmware_vsphere::*
netapp	active_iq_unified_manager	9.10	cpe:2.3:a:netapp:active_iq_unified_manager:9.10:-::::windows::*

CNA Affected

[
  {
    "product": "Active IQ Unified Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 9.10P1"
      }
    ]
  }
]

References

security.netapp.com/advisory/ntap-20220324-0001/

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

31.3%

JSON

Related for CVE-2022-23235