CVE-2020-8581Incorrect Authorization in Clustered Data Ontap

CWE-863Incorrect Authorization3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 53.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netapp Clustered Data Ontap
Timeline
PublishedJan 19
Latest updateMay 24

Description

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDnetapp/clustered_data_ontap9.49.5+2
CVEListV5netapp/clustered_data_ontapVersions prior to 9.3P20 and 9.5

🔴Vulnerability Details

2
GHSA
GHSA-8hcf-r5xh-7r38: Clustered Data ONTAP versions prior to 92022-05-24
CVEList
CVE-2020-8581: Clustered Data ONTAP versions prior to 92021-01-19
CVE-2020-8581 — Incorrect Authorization | cvebase