CVE-2020-8578

Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the remove-private-data parameter is set to true.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
netappCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
netappclustered_data_ontap
𝑥
< 9.3
netappclustered_data_ontap
9.3
netappclustered_data_ontap
9.3:p1
netappclustered_data_ontap
9.3:p10
netappclustered_data_ontap
9.3:p2
netappclustered_data_ontap
9.3:p3
netappclustered_data_ontap
9.3:p4
netappclustered_data_ontap
9.3:p5
netappclustered_data_ontap
9.3:p6
netappclustered_data_ontap
9.3:p7
netappclustered_data_ontap
9.3:p8
netappclustered_data_ontap
9.3:p9
netappclustered_data_ontap
9.3:rc1
𝑥
= Vulnerable software versions
References
https://security.netapp.com/advisory/NTAP-20210208-0002/
https://security.netapp.com/advisory/NTAP-20210208-0002/