PT-2024-3870 · NetApp · ONTAP

Published: 2024-01-11 · Updated: 2024-01-18 · CVE-2024-21982

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ONTAP versions 9.4 and higher
Description: The issue is related to the Object-Store Profiler Command Handler component in the Clustered Data ONTAP operating system for data storage systems. It involves the disclosure of sensitive information during data transmission. When exploited, this could allow a remote attacker to gain unauthorized access to protected information by executing commands with administrative privileges. The vulnerability can be exploited when the object-store profiler command is run by an administrative user.
Recommendations: For ONTAP versions 9.4 and higher, consider restricting access to the object-store profiler command to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the execution of commands with administrative privileges to necessary cases only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2024-04271
CVE-2024-21982

Affected Products

ONTAP