CVE-2024-21982

Summary

ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.

Affected Software

VendorProductVersion RangeStatus
NetAppONTAP 99.4 < 9.8P21affected
NetAppONTAP 99.9.1 < 9.9.1P18affected
NetAppONTAP 99.10.1 < 9.10.1P16affected
NetAppONTAP 99.11.1 < 9.11.1P13affected
NetAppONTAP 99.12.1 < 9.12.1P8affected
NetAppONTAP 99.13.1 < 9.13.1P4affected

Weaknesses

  • 201

Workarounds

Avoid use of the advanced privilege object-store profiler command to test object store connections on unfixed versions of ONTAP.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References