CVE-2015-7746 NetApp Data ONTAP Authentication Bypass Vulnerability (NTAP-20151112-0001)

漏洞类别:General remote services



NetApp Data ONTAP is a data management software which allows unifying storage infrastructures across flash, disk and cloud.

NetApp Data ONTAP operating in 7-Mode allows unauthorized information disclosure or modification on volumes that have “.UTF-8” appended to the volume language.

Affected Versions:
NetApp Data ONTAP versions prior to 8.2.4, when operating in 7-Mode

QID Detection Logic:
This QID gets vulnerable version of NetApp ONTAP either via HTTP Banner or SNMP

NOTE:This vulnerability affects devices that are operating in 7-Mode and have “.UTF-8” appended to the volume language.


An unauthenticated, remote attacker could exploit this vulnerability to retrieve sensitive information or modify volumes.


Customers are advised to refer to NTAP-20151112-0001 for more information about patching this vulnerability.

Following are links for downloading patches to fix the vulnerabilities:


Leave a Reply