CVE-2023-27317
CVE-2023-27317 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| NetApp | ONTAP | 9.12.1 | P8 |
| NetApp | ONTAP | 9.13.1 | P4 |
References
- https://security.netapp.com/advisory/NTAP-20231215-0001/ (Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20231215-0001/ (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
