CVE-2020-8578

Published: Feb 8, 2021Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.

Affected (13)

Products: Netapp: Clustered Data Ontap

Netapp

1 product

Clustered Data Ontap

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	Before 9.3
Netapp Clustered Data Ontap	Version 9.3
Netapp Clustered Data Ontap	Version 9.3 p10
Netapp Clustered Data Ontap	Version 9.3 p1
Netapp Clustered Data Ontap	Version 9.3 p2
Netapp Clustered Data Ontap	Version 9.3 p3
Netapp Clustered Data Ontap	Version 9.3 p4
Netapp Clustered Data Ontap	Version 9.3 p5
Netapp Clustered Data Ontap	Version 9.3 p6
Netapp Clustered Data Ontap	Version 9.3 p7
Netapp Clustered Data Ontap	Version 9.3 p8
Netapp Clustered Data Ontap	Version 9.3 p9
Netapp Clustered Data Ontap	Version 9.3 rc1

References (2)

https://security.netapp.com/advisory/NTAP-20210208-0002/

Source: security-alert@netapp.com

Vendor Advisory

https://security.netapp.com/advisory/NTAP-20210208-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.