Vulnerability Name:

CVE-2020-8576 (CCN-187704)

Assigned:2020-09-02
Published:2020-09-02
Updated:2021-07-21
Summary:Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.
CVSS v3 Severity:5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
5.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-863
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2020-8576

Source: XF
Type: UNKNOWN
netapp-cve20208576-sec-bypass(187704)

Source: CCN
Type: NetApp Advisory Number NTAP-20200902-0001
CVE-2020-8576 Sensitive Information Disclosure Vulnerability in Clustered Data ONTAP

Source: MISC
Type: Vendor Advisory
https://security.netapp.com/advisory/NTAP-20200902-0001/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:netapp:clustered_data_ontap:9.3:-:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p10:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p11:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p12:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p12d3:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p13:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p14:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p14d3:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p15:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p15d7:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p2:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p3:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p4:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p5:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p6:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p7:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p8:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p9:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p19:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p16:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p18:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:-:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p10:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p10d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p10d2:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p17d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p17:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p18d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p7d5:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.3:p7d4:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p14:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p13:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p12:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p11:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p9:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p8:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p7:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p6:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p5:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p4:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p3:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p2:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p2d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p3d5:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p3d6:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p3d12:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p4d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p4d3:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p5d5:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p5:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p2:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:d2:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p9d3:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p9d4:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p9d5:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p11d2:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p11d3:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p11d4:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p12d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p12d4:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p13d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p4d2:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p4d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p5d2:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p6d3:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p8d3:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p3d7:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p3d4:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:p1d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p9:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p5d6:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p5d8:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p6d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p6d2:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p6d3:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p6d6:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p6d7:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p8d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p7d1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:p6:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.7:rc1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.6:rc2:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:* (Version <= 9.3)

    • Configuration CCN 1:
  • cpe:/a:netapp:clustered_data_ontap:9.3:-:*:*:*:*:*:*
  • OR cpe:/o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*
  • OR cpe:/a:netapp:clustered_data_ontap:9.5:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    netapp clustered data ontap 9.3 -
    netapp clustered data ontap 9.3 p1
    netapp clustered data ontap 9.3 p10
    netapp clustered data ontap 9.3 p11
    netapp clustered data ontap 9.3 p12
    netapp clustered data ontap 9.3 p12d3
    netapp clustered data ontap 9.3 p13
    netapp clustered data ontap 9.3 p14
    netapp clustered data ontap 9.3 p14d3
    netapp clustered data ontap 9.3 p15
    netapp clustered data ontap 9.3 p15d7
    netapp clustered data ontap 9.3 p2
    netapp clustered data ontap 9.3 p3
    netapp clustered data ontap 9.3 p4
    netapp clustered data ontap 9.3 p5
    netapp clustered data ontap 9.3 p6
    netapp clustered data ontap 9.3 p7
    netapp clustered data ontap 9.3 p8
    netapp clustered data ontap 9.3 p9
    netapp clustered data ontap 9.3 rc1
    netapp clustered data ontap 9.3 p19
    netapp clustered data ontap 9.3 p16
    netapp clustered data ontap 9.3 p18
    netapp clustered data ontap 9.5 -
    netapp clustered data ontap 9.5 p10
    netapp clustered data ontap 9.5 p1
    netapp clustered data ontap 9.5 p10d1
    netapp clustered data ontap 9.5 p10d2
    netapp clustered data ontap 9.3 p17d1
    netapp clustered data ontap 9.3 p17
    netapp clustered data ontap 9.3 p18d1
    netapp clustered data ontap 9.3 p7d5
    netapp clustered data ontap 9.3 p7d4
    netapp clustered data ontap 9.5 p14
    netapp clustered data ontap 9.5 p13
    netapp clustered data ontap 9.5 p12
    netapp clustered data ontap 9.5 p11
    netapp clustered data ontap 9.5 p9
    netapp clustered data ontap 9.5 p8
    netapp clustered data ontap 9.5 p7
    netapp clustered data ontap 9.5 p6
    netapp clustered data ontap 9.5 p5
    netapp clustered data ontap 9.5 p4
    netapp clustered data ontap 9.5 p3
    netapp clustered data ontap 9.5 p2
    netapp clustered data ontap 9.6 p2d1
    netapp clustered data ontap 9.6 p3d5
    netapp clustered data ontap 9.6 p3d6
    netapp clustered data ontap 9.6 p3d12
    netapp clustered data ontap 9.6 p4d1
    netapp clustered data ontap 9.6 p4d3
    netapp clustered data ontap 9.6 p5d5
    netapp clustered data ontap 9.6 -
    netapp clustered data ontap 9.6 p5
    netapp clustered data ontap 9.6 p4
    netapp clustered data ontap 9.6 p3
    netapp clustered data ontap 9.6 p2
    netapp clustered data ontap 9.6 p1
    netapp clustered data ontap 9.6 d2
    netapp clustered data ontap 9.5 p9d3
    netapp clustered data ontap 9.5 p9d4
    netapp clustered data ontap 9.5 p9d5
    netapp clustered data ontap 9.5 p11d2
    netapp clustered data ontap 9.5 p11d3
    netapp clustered data ontap 9.5 p11d4
    netapp clustered data ontap 9.5 p12d1
    netapp clustered data ontap 9.5 p12d4
    netapp clustered data ontap 9.5 p13d1
    netapp clustered data ontap 9.5 p4d2
    netapp clustered data ontap 9.5 p4d1
    netapp clustered data ontap 9.5 p5d2
    netapp clustered data ontap 9.5 p6d3
    netapp clustered data ontap 9.5 p8d3
    netapp clustered data ontap 9.5 p3d7
    netapp clustered data ontap 9.5 p3d4
    netapp clustered data ontap 9.5 p1d1
    netapp clustered data ontap 9.5 rc1
    netapp clustered data ontap 9.6 p9
    netapp clustered data ontap 9.6 p5d6
    netapp clustered data ontap 9.6 p5d8
    netapp clustered data ontap 9.6 p6d1
    netapp clustered data ontap 9.6 p6d2
    netapp clustered data ontap 9.6 p6d3
    netapp clustered data ontap 9.6 p6d6
    netapp clustered data ontap 9.6 p6d7
    netapp clustered data ontap 9.6 p8d1
    netapp clustered data ontap 9.6 p7d1
    netapp clustered data ontap 9.6 p8
    netapp clustered data ontap 9.6 p7
    netapp clustered data ontap 9.6 p6
    netapp clustered data ontap 9.7 rc1
    netapp clustered data ontap 9.6 rc1
    netapp clustered data ontap 9.6 rc2
    netapp clustered data ontap *
    netapp clustered data ontap 9.3 -
    netapp clustered data ontap 9.6
    netapp clustered data ontap 9.5 -