CVE-2020-8581

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
netappCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
netappclustered_data_ontap
𝑥
< 9.3
netappclustered_data_ontap
9.4 ≤
𝑥
≤ 9.5
netappclustered_data_ontap
9.3
netappclustered_data_ontap
9.3:p1
netappclustered_data_ontap
9.3:p10
netappclustered_data_ontap
9.3:p2
netappclustered_data_ontap
9.3:p3
netappclustered_data_ontap
9.3:p4
netappclustered_data_ontap
9.3:p5
netappclustered_data_ontap
9.3:p6
netappclustered_data_ontap
9.3:p7
netappclustered_data_ontap
9.3:p8
netappclustered_data_ontap
9.3:p9
𝑥
= Vulnerable software versions
References
https://security.netapp.com/advisory/ntap-20210119-0001/
https://security.netapp.com/advisory/ntap-20210119-0001/