NetApp Clustered Data ONTAP Vulnerabilities
Lenovo Security Advisory: LEN-74278
Potential Impact: Arbitrary data modification, information disclosure, denial of service
Severity: Medium
Scope of Impact: Industry-wide
CVE Identifier: CVE-2021-27001, CVE-2021-27004, CVE-2021-27005
Summary Description:
NetApp reported the following vulnerabilities in NetApp Clustered Data ONTAP.
NetApp Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify WORM data prior to the end of the retention period. NTAP-20211018-0001: CVE-2021-27001
NetApp Clustered Data ONTAP versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials. NTAP-20211029-0001: CVE-2021-27004
NetApp Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. NTAP-20211029-0002: CVE-2021-27005
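The version ranges above can be checked against a fleet inventory with a short script. The following is an added example, not part of the Lenovo or NetApp advisory; the hostnames, the inventory and the status labels are constructed for illustration, and the thresholds are transcribed from the three descriptions above.

```python
import re

# Thresholds transcribed from the advisory text above.
# first_train: lowest release train the advisory names as affected.
# fixed: release train -> first patch level (the N in "PN") containing the fix.
ADVISORY = {
    "CVE-2021-27001": {"first_train": (9,),
                       "fixed": {(9, 5): 18, (9, 6): 16, (9, 7): 16, (9, 8): 7, (9, 9, 1): 2}},
    "CVE-2021-27004": {"first_train": (9, 7),
                       "fixed": {(9, 7): 16, (9, 8): 7, (9, 9, 1): 2}},
    "CVE-2021-27005": {"first_train": (9, 6),
                       "fixed": {(9, 6): 16, (9, 7): 16, (9, 8): 7, (9, 9, 1): 3}},
}
_VERSION = re.compile(r"^(\d+(?:\.\d+)+)(?:P(\d+))?$")

def parse_ontap(version):
    """'9.9.1P2' -> ((9, 9, 1), 2); a release without a P suffix is patch level 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised ONTAP version: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def status(version, cve):
    """Classify one version against one CVE (labels are this example's own)."""
    train, patch = parse_ontap(version)
    entry = ADVISORY[cve]
    if train < entry["first_train"]:
        return "outside affected range"
    if train in entry["fixed"]:
        return "affected" if patch < entry["fixed"][train] else "fixed"
    if train < min(entry["fixed"]):
        return "affected, no fix listed for this train"
    return "unlisted"  # a train the advisory gives no threshold for

def audit(inventory):
    """Map each host to the CVEs its ONTAP version is still exposed to."""
    return {host: [cve for cve in ADVISORY if status(ver, cve).startswith("affected")]
            for host, ver in inventory.items()}

# Constructed inventory; hostnames are made up.
INVENTORY = {"dm-a": "9.7P9", "dm-b": "9.9.1P2", "dm-c": "9.5P15", "dm-d": "9.8P7"}

if __name__ == "__main__":
    for host, cves in audit(INVENTORY).items():
        print(host, INVENTORY[host], ", ".join(cves) or "no listed CVE open")
```

A system on 9.9.1P2 clears CVE-2021-27001 and CVE-2021-27004 but remains exposed to CVE-2021-27005, whose threshold on that train is 9.9.1P3.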
Mitigation Strategy for Customers (what you should do to protect yourself):
NetApp recommends updating to the appropriate NetApp Clustered Data ONTAP version for your product as indicated in the Product Impact section below.
Lenovo recommends upgrading NetApp Clustered Data ONTAP version 9.5 to a later version or restricting access to the NetApp Clustered Data ONTAP web interface using a firewall.
To download the version specified for your product below, follow these steps:
- Navigate to the Drivers & Software support site for your product:
  - Lenovo Products (sold worldwide, except in China): https://support.lenovo.com/
  - Lenovo Products (sold in China): https://newsupport.lenovo.com.cn/
  - IBM-branded System x Legacy Products: https://www.ibm.com/support/fixcentral/
- Search for your product by name or machine type.
- Click Drivers & Software on the left menu panel.
- Click on Manual Update to browse by Component type.
- Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.
Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:
PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759
Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center
References:
https://security.netapp.com/advisory/ntap-20211018-0001/
https://security.netapp.com/advisory/NTAP-20211029-0001
https://security.netapp.com/advisory/NTAP-20211029-0002
Revision History:
Revision | Date | Description |
---|---|---|
2 | 2021-12-01 | Updated Storage |
1 | 2021-11-09 | Initial release |
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
Product Impact:
Product | Component | Minimum fix version (CVE-2021-27001, CVE-2021-27004, CVE-2021-27005) | Minimum fix version (CVE-2021-27004, CVE-2021-27005) |
---|---|---|---|
DM120S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM120S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM240N (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM240N (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM240S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM240S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) | 9.7P16 | Not Affected |
DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Encrypted) | 9.6P16 | 9.6P16 |
DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) | 9.6P16 | 9.6P16 |
DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM3000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
DM3000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
DM3000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
DM3000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) | 9.7P16 | Not Affected |
DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Encrypted) | 9.6P16 | 9.6P16 |
DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) | 9.6P16 | 9.6P16 |
DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM5000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
DM5000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
DM5000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
DM5000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) | 9.7P16 | Not Affected |
DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Encrypted) | 9.6P16 | 9.6P16 |
DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) | 9.6P16 | 9.6P16 |
DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM5000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
DM5000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
DM5000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
DM5000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
DM5100F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM5100F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM5100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
DM5100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
DM600S (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
DM600S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM600S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) | 9.7P16 | Not Affected |
DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Encrypted) | 9.6P16 | 9.6P16 |
DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) | 9.6P16 | 9.6P16 |
DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM7000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
DM7000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
DM7000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
DM7000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) | 9.7P16 | Not Affected |
DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Encrypted) | 9.6P16 | 9.6P16 |
DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) | 9.6P16 | 9.6P16 |
DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM7000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
DM7000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
DM7000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
DM7000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
DM7100F (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
DM7100F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM7100F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM7100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
DM7100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
DM7100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
DM7100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
DM7100H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
DM7100H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
DM7100H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
DM7100H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
DM7100H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
DM7100H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
DM7100H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |