CVE-2016-1563

Name of the Vulnerable Software and Affected Versions NetApp Clustered Data ONTAP version 8.3.1

Description The issue arises from the improper verification of X.509 certificates from TLS servers, allowing man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. This can enable a remote attacker to substitute servers or gain confidential information by using a specially formed certificate.

Recommendations For NetApp Clustered Data ONTAP version 8.3.1, consider updating the system to a version that properly verifies X.509 certificates from TLS servers to prevent man-in-the-middle attacks. As a temporary workaround, restrict access to sensitive information and consider disabling TLS connections until a patch is available.