
NetApp Clustered Data ONTAP Vulnerabilities


Lenovo Security Advisory: LEN-74278

Potential Impact: Arbitrary data modification, information disclosure, denial of service

Severity: Medium

Scope of Impact: Industry-wide

CVE Identifier: CVE-2021-27001, CVE-2021-27004, CVE-2021-27005

 

Summary Description:

NetApp reported the following vulnerabilities in NetApp Clustered Data ONTAP.

NetApp Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify WORM data prior to the end of the retention period. NTAP-20211018-0001: CVE-2021-27001
NetApp Clustered Data ONTAP versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials. NTAP-20211029-0001: CVE-2021-27004
NetApp Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. NTAP-20211029-0002: CVE-2021-27005
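The affected ranges above are stated per release branch, so a running version has to be compared against the fix level for its own branch. The following is an added example, not code from Lenovo or NetApp: it assumes version strings of the form 9.8P7 or 9.9.1P2, treats branches newer than the last listed fix as already fixed, and uses a constructed inventory with placeholder system names.

```python
import re

# Minimum fixed patch level per release branch, transcribed from the three
# descriptions above. "first" is the earliest affected branch.
RULES = {
    "CVE-2021-27001": {"first": (9,),
        "fixes": {(9, 5): 18, (9, 6): 16, (9, 7): 16, (9, 8): 7, (9, 9, 1): 2}},
    "CVE-2021-27004": {"first": (9, 7),
        "fixes": {(9, 7): 16, (9, 8): 7, (9, 9, 1): 2}},
    "CVE-2021-27005": {"first": (9, 6),
        "fixes": {(9, 6): 16, (9, 7): 16, (9, 8): 7, (9, 9, 1): 3}},
}

def parse_version(text):
    """Split '9.9.1P2' into branch (9, 9, 1) and patch level 2."""
    m = re.fullmatch(r"(\d+(?:\.\d+){1,2})(?:P(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised ONTAP version: {text!r}")
    branch = tuple(int(part) for part in m.group(1).split("."))
    return branch, int(m.group(2) or 0)

def status(version, cve):
    """Return 'affected', 'fixed' or 'not affected' for one version and CVE."""
    branch, patch = parse_version(version)
    rule = RULES[cve]
    if branch < rule["first"]:
        return "not affected"
    if branch in rule["fixes"]:
        return "fixed" if patch >= rule["fixes"][branch] else "affected"
    if branch > max(rule["fixes"]):
        return "fixed"  # assumption: newer branches already carry the fix
    return "affected"   # in range, but the branch has no listed fix

def triage(inventory):
    """Map each system name to the CVEs its running version is affected by."""
    return {name: [c for c in RULES if status(ver, c) == "affected"]
            for name, ver in inventory.items()}

# Constructed inventory; system names are placeholders.
INVENTORY = {"dm-a": "9.5P15", "dm-b": "9.8P6", "dm-c": "9.9.1P2", "dm-d": "9.7P16"}

if __name__ == "__main__":
    for name, cves in triage(INVENTORY).items():
        print(name, INVENTORY[name], cves or "up to date")
```

A 9.9.1P2 system is reported as still affected by CVE-2021-27005 because that fix is stated as 9.9.1P3, one patch level later than the other two.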

 

Mitigation Strategy for Customers (what you should do to protect yourself):

NetApp recommends updating to the appropriate NetApp Clustered Data ONTAP version for your product as indicated in the Product Impact section below.

Lenovo recommends upgrading NetApp Clustered Data ONTAP version 9.5 to a later version or restricting access to the NetApp Clustered Data ONTAP web interface using a firewall.

 

Product Impact:

To download the version specified for your product below, follow these steps:

Navigate to the Drivers & Software support site for your product:

  1. Search for your product by name or machine type.
  2. Click Drivers & Software on the left menu panel.
  3. Click on Manual Update to browse by Component type.
  4. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.

Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:

PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759

Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center

 


 

References:

https://security.netapp.com/advisory/ntap-20211018-0001/

https://security.netapp.com/advisory/NTAP-20211029-0001

https://security.netapp.com/advisory/NTAP-20211029-0002

 

Revision History:

| Revision | Date | Description |
|---|---|---|
| 2 | 2021-12-01 | Updated Storage |
| 1 | 2021-11-09 | Initial release |

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

 

Product Impact:

Storage

 

| Product | Component | CVE-2021-27001, CVE-2021-27004, CVE-2021-27005 | CVE-2021-27004, CVE-2021-27005 |
|---|---|---|---|
| DM120S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM120S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM240N (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM240N (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM240S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM240S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
| DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) | 9.7P16 | Not Affected |
| DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Encrypted) | 9.6P16 | 9.6P16 |
| DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) | 9.6P16 | 9.6P16 |
| DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM3000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM3000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
| DM3000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
| DM3000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM3000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
| DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) | 9.7P16 | Not Affected |
| DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Encrypted) | 9.6P16 | 9.6P16 |
| DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) | 9.6P16 | 9.6P16 |
| DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM5000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM5000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
| DM5000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
| DM5000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM5000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
| DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) | 9.7P16 | Not Affected |
| DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Encrypted) | 9.6P16 | 9.6P16 |
| DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) | 9.6P16 | 9.6P16 |
| DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM5000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM5000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
| DM5000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
| DM5000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM5000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM5100F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM5100F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM5100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM5100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM600S (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
| DM600S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM600S (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
| DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) | 9.7P16 | Not Affected |
| DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Encrypted) | 9.6P16 | 9.6P16 |
| DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) | 9.6P16 | 9.6P16 |
| DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM7000F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM7000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
| DM7000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
| DM7000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM7000F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
| DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) | 9.7P16 | Not Affected |
| DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Encrypted) | 9.6P16 | 9.6P16 |
| DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) | 9.6P16 | 9.6P16 |
| DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM7000H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM7000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
| DM7000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
| DM7000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM7000H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM7100F (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
| DM7100F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM7100F (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM7100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
| DM7100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
| DM7100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM7100F (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM7100H (ThinkSystem) | DM Series ONTAP Update Bundle (9.5P15 Encrypted) | 9.7P16 | Not Affected |
| DM7100H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Encrypted) | 9.8P7 | 9.8P7 |
| DM7100H (ThinkSystem) | DM Series ONTAP Update Bundle (9.8 Non-encrypted) | 9.8P7 | 9.8P7 |
| DM7100H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) | 9.7P16 | 9.7P16 |
| DM7100H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) | 9.7P16 | 9.7P16 |
| DM7100H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) | 9.9.1P2 | 9.9.1P4 |
| DM7100H (ThinkSystem) | Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) | 9.9.1P2 | 9.9.1P4 |

Alias Id: LEN-74278
Document ID: PS500448
Original Publish Date: 11/09/2021
Last Modified Date: 12/01/2021