VYPR
Unrated severityNVD Advisory· Published Dec 15, 2023· Updated May 7, 2025

Information Disclosure Vulnerability in ONTAP 9

CVE-2023-27317

Description

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives.

Affected products

2
  • NetApp/ONTAPllm-fuzzy2 versions
    =9.12.1P8, =9.13.1P4, =9.13.1P5+ 1 more
    • (no CPE)range: =9.12.1P8, =9.13.1P4, =9.13.1P5
    • (no CPE)range: 9.12.1P8

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.