Vulnerabilities > CVE-2021-27001 - Unspecified vulnerability in Netapp Clustered Data Ontap

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

netapp

NVD

Published: 2021-10-19

Updated: 2022-07-12

Summary

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.

Vulnerable Configurations

Part	Description	Count
OS	Netapp Netapp Clustered Data Ontap 9.6 Netapp Clustered Data Ontap 9.5 Netapp Clustered Data Ontap 9.7 Netapp Clustered Data Ontap 9.8 Netapp Clustered Data Ontap 9.9.1 Netapp Clustered Data Ontap 9.0 Netapp Clustered Data Ontap 9.1 Netapp Clustered Data Ontap 9.2 Netapp Clustered Data Ontap 9.3 Netapp Clustered Data Ontap 9.4	52

References

https://security.netapp.com/advisory/ntap-20211018-0001