CVE-2024-21985 — HIGH (7.6)

Q: How severe is CVE-2024-21985?

CVE-2024-21985 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-21985?

Check the references section above for vendor advisories and patch information. Affected products include: Netapp Clustered Data Ontap.

Vulnerability Description

ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or modifying limited settings, some of which could result in a Denial of Service (DoS).

CVSS Score

7.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netapp	Clustered Data Ontap	>= 9.0, < 9.9.1

Related Weaknesses (CWE)

CWE-269

References

https://security.netapp.com/advisory/ntap-20240126-0001/Vendor Advisory
https://security.netapp.com/advisory/ntap-20240126-0001/Vendor Advisory

FAQ

What is CVE-2024-21985?

CVE-2024-21985 is a vulnerability with a CVSS score of 7.6 (HIGH). ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differi...

How severe is CVE-2024-21985?

CVE-2024-21985 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-21985?

Check the references section above for vendor advisories and patch information. Affected products include: Netapp Clustered Data Ontap.