CVE-2023-27317

Name of the Vulnerable Software and Affected Versions ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5

Description The issue affects SAS-attached FIPS 140-2 drives, causing them to become unlocked after a system reboot, power cycle, or reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives.

Recommendations For versions 9.12.1P8, 9.13.1P4, and 9.13.1P5, consider restricting physical access to the drives until a patch is available. As a temporary workaround, consider implementing additional security measures to protect sensitive information stored on the drives. At the moment, there is no information about a newer version that contains a fix for this vulnerability.