PT-2021-17226 · Netapp · Netapp Clustered Data Ontap

Published

2021-10-19

Updated

2022-07-12

CVE-2021-27001

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: NetApp Clustered Data ONTAP versions prior to 9.5P18 NetApp Clustered Data ONTAP versions prior to 9.6P16 NetApp Clustered Data ONTAP versions prior to 9.7P16 NetApp Clustered Data ONTAP versions prior to 9.8P7 NetApp Clustered Data ONTAP versions prior to 9.9.1P2

Description: The issue allows an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.

Recommendations: For versions prior to 9.5P18, update to 9.5P18 or later. For versions prior to 9.6P16, update to 9.6P16 or later. For versions prior to 9.7P16, update to 9.7P16 or later. For versions prior to 9.8P7, update to 9.8P7 or later. For versions prior to 9.9.1P2, update to 9.9.1P2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-27001

Affected Products

Netapp Clustered Data Ontap

PT-2021-17226 · Netapp · Netapp Clustered Data Ontap

CVE-2021-27001

Related Identifiers

Affected Products

References · 3