Lucene search

NetappVULNRICHMENT:CVE-2024-21990

HistoryApr 17, 2024 - 7:35 p.m.

CVE-2024-21990 Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility

2024-04-1719:35:23

CWE-259

netapp

github.com

ontap select deploy

default privileged account

credentials

vulnerability

9.12.1.x

9.13.1.x

9.14.1.x

hard-coded

configuration information

modify

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

ONTAP Select Deploy administration utility versions 9.12.1.x,
9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an
attacker to view Deploy configuration information and modify the
account credentials.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ONTAP Select Deploy administration utility",
    "vendor": "NetApp",
    "versions": [
      {
        "lessThanOrEqual": "9.14.1P2",
        "status": "affected",
        "version": "9.12.1",
        "versionType": "patch"
      }
    ]
  }
]

References

security.netapp.com/advisory/ntap-20240411-0002/

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for VULNRICHMENT:CVE-2024-21990