CVE-2024-21989 — Improper Privilege Management in Ontap Select Deploy Administration Utility

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.8HIGHNVD

CNA8.1

EPSS

0.2%

top 59.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Ontap Select Deploy Administration Utility

Timeline

PublishedApr 17

Description

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5netapp/ontap_select_deploy_administration_utility9.12.1 — 9.14.1P2

▶NVDnetapp/ontap_select_deploy_administration_utility9.12.1 — 9.14.1

🔴Vulnerability Details

CVEList

Privilege Escalation Vulnerability in ONTAP Select Deploy administration utility↗2024-04-17

▶

GHSA

GHSA-hpq6-rxm7-x3v4: ONTAP Select Deploy administration utility versions 9↗2024-04-17

▶