Data Overwrite Vulnerability in Clustered Data ONTAP by NetApp
CVE-2020-8581

6.5MEDIUM

Key Information:

Vendor: Netapp
Status: Clustered Data Ontap
Vendor: CVE Published:; 19 January 2021

Summary

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 include a vulnerability that allows an authenticated but unauthorized user to overwrite arbitrary data. This occurs when VMware vStorage support is enabled, potentially leading to data corruption and operational disruptions. Organizations using affected versions should ensure they apply the necessary updates to mitigate against these risks.

Affected Version(s)

Clustered Data ONTAP Versions prior to 9.3P20 and 9.5

References

https://security.netapp.com/advisory/ntap-20210119-0001/

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2021
Vulnerability Reserved
Feb 3, 2020