Lucene search

[email protected]CVE-2024-21985

HistoryJan 26, 2024 - 4:15 p.m.

CVE-2024-21985

2024-01-2616:15:22

NVD-CWE-noinfo

CWE-269

[email protected]

web.nvd.nist.gov

ontap

vulnerability

cve

nvd

ontap 9

authentication

rest api

dos

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

7.5 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.7%

JSON

ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10
and 9.13.1P4 are susceptible to a vulnerability which could allow an
authenticated user with multiple remote accounts with differing roles to
perform actions via REST API beyond their intended privilege. Possible
actions include viewing limited configuration details and metrics or
modifying limited settings, some of which could result in a Denial of
Service (DoS).

CPENameOperatorVersion
netapp:clustered_data_ontapnetapp clustered data ontaplt9.9.1
netapp:clustered_data_ontapnetapp clustered data ontapeq9.5
netapp:clustered_data_ontapnetapp clustered data ontapeq9.3
netapp:clustered_data_ontapnetapp clustered data ontapeq9.6
netapp:clustered_data_ontapnetapp clustered data ontapeq9.1
netapp:clustered_data_ontapnetapp clustered data ontapeq9.0
netapp:clustered_data_ontapnetapp clustered data ontapeq9.8
netapp:clustered_data_ontapnetapp clustered data ontapeq9.7
netapp:clustered_data_ontapnetapp clustered data ontapeq9.4
netapp:clustered_data_ontapnetapp clustered data ontapeq9.2

CPE	Name	Operator	Version
netapp:clustered_data_ontap	netapp clustered data ontap	lt	9.9.1
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.5
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.3
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.6
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.1
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.0
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.8
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.7
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.4
netapp:clustered_data_ontap	netapp clustered data ontap	eq	9.2

Rows per page:

1-10 of 221

References

security.netapp.com/advisory/ntap-20240126-0001/

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

7.5 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2024-21985

prion1 cvelist1