PT-2017-18020 · Netapp · Netapp Clustered Data Ontap

Published

2017-07-17

Updated

2017-08-08

CVE-2017-7947

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions NetApp Clustered Data ONTAP versions prior to 8.3.2P11 NetApp Clustered Data ONTAP version 9.0 before P4 NetApp Clustered Data ONTAP version 9.1 before P5

Description The issue allows attackers to obtain sensitive password information. This is achieved by leveraging the logging of passwords entered non-interactively on the command line.

Recommendations For versions prior to 8.3.2P11, update to version 8.3.2P11 or later. For version 9.0 before P4, update to version 9.0 P4 or later. For version 9.1 before P5, update to version 9.1 P5 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-7947

Affected Products

Netapp Clustered Data Ontap

PT-2017-18020 · Netapp · Netapp Clustered Data Ontap

CVE-2017-7947

Weakness Enumeration

Related Identifiers

Affected Products

References · 3