CVE-2015-7746 NetApp Data ONTAP Authentication Bypass Vulnerability (NTAP-20151112-0001)

漏洞类别:General remote services

漏洞等级: 

漏洞信息

NetApp Data ONTAP is a data management software which allows unifying storage infrastructures across flash, disk and cloud.

NetApp Data ONTAP operating in 7-Mode allows unauthorized information disclosure or modification on volumes that have “.UTF-8” appended to the volume language.

Affected Versions:
NetApp Data ONTAP versions prior to 8.2.4, when operating in 7-Mode

QID Detection Logic:
This QID gets vulnerable version of NetApp ONTAP either via HTTP Banner or SNMP

NOTE:This vulnerability affects devices that are operating in 7-Mode and have “.UTF-8” appended to the volume language.

漏洞危害

An unauthenticated, remote attacker could exploit this vulnerability to retrieve sensitive information or modify volumes.

解决方案

Customers are advised to refer to NTAP-20151112-0001 for more information about patching this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

NTAP-20151112-0001

Leave a Reply