PT-2005-4137 · Network Appliance · Data Ontap

Thomas H. Ptacek

Publicado

2005-10-27

Atualizado

2016-10-18

CVE-2005-3327

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Network Appliance Data ONTAP versions 7.0 and earlier

Description The issue allows iSCSI Initiators to bypass iSCSI authentication by using a modified client. This client skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational mode without proving identity.

Recommendations For versions 7.0 and earlier, consider restricting access to iSCSI Initiators to minimize the risk of exploitation until a fix is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-3327

Produtos afetados

Data Ontap

PT-2005-4137 · Network Appliance · Data Ontap

CVE-2005-3327

Identificadores relacionados

Produtos afetados

Referências · 7