CVE-2024-21990 — Use of Hard-coded Password in Ontap Select Deploy Administration Utility

CWE-259 — Use of Hard-coded Password CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

9.8CRITICALNVD

CNA5.4

EPSS

0.2%

top 57.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Ontap Select Deploy Administration Utility

Timeline

PublishedApr 17

Description

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5netapp/ontap_select_deploy_administration_utility9.12.1 — 9.14.1P2

▶NVDnetapp/ontap_select_deploy_administration_utility9.12.1 — 9.14.1

🔴Vulnerability Details

GHSA

GHSA-f792-xp3g-685x: ONTAP Select Deploy administration utility versions 9↗2024-04-17

▶

CVEList

Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility↗2024-04-17

▶