NetApp System Manager up to 9.7P15/9.8P6/9.9.1P1 iSCSI CHAP Credential missing encryption

Summaryinfo

A vulnerability labeled as problematic has been found in NetApp System Manager up to 9.7P15/9.8P6/9.9.1P1. This issue affects some unknown processing of the component iSCSI CHAP Credential Handler. Executing a manipulation can lead to missing encryption. This vulnerability is registered as CVE-2021-27004. The attack needs to be launched locally. No exploit is available. It is advisable to implement a patch to correct this issue.

Detailsinfo

A vulnerability classified as problematic was found in NetApp System Manager up to 9.7P15/9.8P6/9.9.1P1. This vulnerability affects an unknown part of the component iSCSI CHAP Credential Handler. The manipulation with an unknown input leads to a missing encryption vulnerability. The CWE definition for the vulnerability is CWE-311. The product does not encrypt sensitive or critical information before storage or transmission. As an impact it is known to affect confidentiality.

The weakness was published 11/01/2021 as NTAP-20211029-0001. The advisory is shared for download at security.netapp.com. This vulnerability was named CVE-2021-27004 since 02/09/2021. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1600.

Applying the patch 9.7P16/9.8P7/9.9.1P2 is able to eliminate this problem.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• NetApp

Name

• System Manager

Version

• 9.7P15
• 9.8P6
• 9.9.1P1

License

• commercial

Website

• Vendor: https://www.netapp.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion