PT-2016-1645 · Netapp · Netapp Clustered Data Ontap

Published

2016-04-07

Updated

2017-11-16

CVE-2016-1563

CVSS v3.1

6.8

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions NetApp Clustered Data ONTAP version 8.3.1

Description The issue arises from the improper verification of X.509 certificates from TLS servers, allowing man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. This can enable a remote attacker to substitute servers or gain confidential information by using a specially formed certificate.

Recommendations For NetApp Clustered Data ONTAP version 8.3.1, consider updating the system to a version that properly verifies X.509 certificates from TLS servers to prevent man-in-the-middle attacks. As a temporary workaround, restrict access to sensitive information and consider disabling TLS connections until a patch is available.

Fix

RCE

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-200

Related Identifiers

BDU:2016-00957

CVE-2016-1563

Affected Products

Netapp Clustered Data Ontap

PT-2016-1645 · Netapp · Netapp Clustered Data Ontap

CVE-2016-1563

Weakness Enumeration

Related Identifiers

Affected Products

References · 6