PT-2024-19141 · Netapp · Ontap Select Deploy Administration Utility

Published: 2024-04-17 · Updated: 2024-04-18 · CVE-2024-21989

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x

Description: The issue allows a read-only user to escalate their privileges when successfully exploited.

Recommendations: For versions 9.12.1.x, consider restricting access to sensitive areas of the administration utility until a patch is available. For versions 9.13.1.x, restrict privileges to the minimum required for each user to minimize the risk of exploitation. For versions 9.14.1.x, limit the functionality available to read-only users as a temporary workaround.

Fix

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2024-21989

Affected Products: Ontap Select Deploy Administration Utility