Remote Desktop Session Vulnerability in NetApp Virtual Desktop Service
CVE-2021-27007

9.8CRITICAL

Key Information:

Vendor: Netapp
Status: Netapp Virtual Desktop Service (vds)
Vendor: CVE Published:; 23 December 2021

What is CVE-2021-27007?

The NetApp Virtual Desktop Service (VDS), when deployed with an HTML5 gateway, is affected by a vulnerability that could enable an unauthenticated attacker to seize control of an active Remote Desktop Session. This flaw can pose significant risks to user data and network integrity, necessitating immediate attention and remediation measures to protect users and systems.

Affected Version(s)

NetApp Virtual Desktop Service (VDS) NetApp Virtual Desktop Service (VDS) with Local Control Plane versions prior to 6.1.21356.1837

References

https://security.netapp.com/advisory/ntap-20211223-0008/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2021
Vulnerability Reserved
Feb 9, 2021

Netapp

What is CVE-2021-27007?

Affected Version(s)

References

CVSS V3.1

Timeline