PT-2005-4137 · Network Appliance · Data Ontap
Thomas H. Ptacek · Published 2005-10-27 · Updated 2016-10-18 · CVE-2005-3327
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Network Appliance Data ONTAP versions 7.0 and earlier
Description
The issue allows iSCSI Initiators to bypass iSCSI authentication by using a modified client. The modified client skips the Security (Start) mode that the Login Negotiation protocol requires and goes straight to Operational mode without proving its identity.
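The target-side check whose absence the description implies, as an added example (not NetApp's code): it reads the current-stage field of a Login Request header as laid out in RFC 3720 and refuses any stage other than security negotiation until authentication has completed. `LoginGate`, `mark_authenticated` and `make_login_bhs` are hypothetical names, and the sample headers are constructed.

```python
# Stage codes carried in the CSG/NSG fields of a Login Request (RFC 3720).
SECURITY, OPERATIONAL, FULL_FEATURE = 0, 1, 3
LOGIN_OPCODE = 0x03


def make_login_bhs(csg, nsg, transit):
    """Constructed sample: a 48-byte Login Request header with only flags set."""
    flags = (0x80 if transit else 0) | (csg << 2) | nsg
    return bytes([0x40 | LOGIN_OPCODE, flags]) + bytes(46)


def parse_login_flags(bhs):
    """Return (transit, csg, nsg) from a 48-byte Login Request header."""
    if len(bhs) < 48 or bhs[0] & 0x3F != LOGIN_OPCODE:
        raise ValueError("not an iSCSI Login Request")
    flags = bhs[1]
    return bool(flags & 0x80), (flags >> 2) & 0x3, flags & 0x3


class LoginGate:
    """Per-connection login state for a target (hypothetical helper)."""

    def __init__(self, auth_required=True):
        self.auth_required = auth_required
        self.authenticated = False

    def mark_authenticated(self):
        # Assumed to be called by the authentication layer (for example CHAP)
        # only after the initiator's response has been verified.
        self.authenticated = True

    def accept(self, bhs):
        """True if the Login Request may proceed, False if it must be rejected."""
        _transit, csg, _nsg = parse_login_flags(bhs)
        if csg not in (SECURITY, OPERATIONAL):
            return False  # reserved or invalid current stage
        if not self.auth_required or self.authenticated:
            return True
        # Unauthenticated initiator: only the security stage is acceptable, so
        # a request that opens directly in the operational stage is refused.
        return csg == SECURITY
```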
Recommendations
For versions 7.0 and earlier, consider restricting access to iSCSI Initiators to minimize the risk of exploitation until a fix is available.
Fix
Related Identifiers
Affected Products
Data Ontap