CVE-2024-21988

CWE-3473 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 81.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Storagegrid (formerly Storagegrid Webscale)Netapp Storagegrid

Timeline

PublishedJun 14

Latest updateJun 15

Description

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5netapp/storagegrid_(formerly_storagegrid_webscale)< 11.7.0.9+1

▶NVDnetapp/storagegrid11.8.0 — 11.8.0.5+1

Patches

Patch: security.netapp.com ↗Patch: security.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-9x5q-pwr2-hwvp: StorageGRID (formerly StorageGRID Webscale) versions prior to 11↗2024-06-15

▶

CVEList

CVE-2024-21988 SSH Cryptographic Implementation Vulnerability in StorageGRID (formerly StorageGRID Webscale)↗2024-06-14

▶