CVE-2024-21990 - Vulnerability Details - OpenCVE

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netapp	Ontap Select Deploy Administration Utility

Configuration 1 [-]

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.netapp.com/advisory/ntap-20240411-0002/

History

Mon, 10 Feb 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netapp Netapp ontap Select Deploy Administration Utility
Weaknesses		CWE-798
CPEs		cpe:2.3:a:netapp:ontap_select_deploy_administration_utility::::::::
Vendors & Products		Netapp Netapp ontap Select Deploy Administration Utility

MITRE

Status: PUBLISHED

Assigner: netapp

Published: 2024-04-17T19:35:23.599Z

Updated: 2024-08-01T22:35:34.847Z

Reserved: 2024-01-03T19:45:25.346Z

Link: CVE-2024-21990

Vulnrichment

Updated: 2024-08-01T22:35:34.847Z

NVD

Status : Analyzed

Published: 2024-04-17T20:15:07.863

Modified: 2025-02-10T19:29:29.260

Link: CVE-2024-21990

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21990", "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "state": "PUBLISHED", "assignerShortName": "netapp", "dateReserved": "2024-01-03T19:45:25.346Z", "datePublished": "2024-04-17T19:35:23.599Z", "dateUpdated": "2024-08-01T22:35:34.847Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ONTAP Select Deploy administration utility", "vendor": "NetApp", "versions": [{"lessThanOrEqual": "9.14.1P2", "status": "affected", "version": "9.12.1", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n<br>"}], "value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-259", "description": "CWE-259", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp", "dateUpdated": "2024-04-17T19:35:23.599Z"}, "references": [{"url": "https://security.netapp.com/advisory/ntap-20240411-0002/"}], "source": {"advisory": "NTAP-20240411-0002", "discovery": "UNKNOWN"}, "title": "Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21990", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-23T15:34:29.517252Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:netapp:clustered_data_ontap:9.12.1:-:*:*:*:*:*:*"], "vendor": "netapp", "product": "clustered_data_ontap", "versions": [{"status": "affected", "version": "9.12.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:netapp:clustered_data_ontap:9.13.1:-:*:*:*:*:*:*"], "vendor": "netapp", "product": "clustered_data_ontap", "versions": [{"status": "affected", "version": "9.13.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:netapp:clustered_data_ontap:9.14.0:-:*:*:*:*:*:*"], "vendor": "netapp", "product": "clustered_data_ontap", "versions": [{"status": "affected", "version": "9.14.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:37:30.646Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.847Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240411-0002/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240411-0002/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.847Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21990", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-23T15:34:29.517252Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:netapp:clustered_data_ontap:9.12.1:-:*:*:*:*:*:*"], "vendor": "netapp", "product": "clustered_data_ontap", "versions": [{"status": "affected", "version": "9.12.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:netapp:clustered_data_ontap:9.13.1:-:*:*:*:*:*:*"], "vendor": "netapp", "product": "clustered_data_ontap", "versions": [{"status": "affected", "version": "9.13.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:netapp:clustered_data_ontap:9.14.0:-:*:*:*:*:*:*"], "vendor": "netapp", "product": "clustered_data_ontap", "versions": [{"status": "affected", "version": "9.14.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-23T15:33:30.155Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility", "source": {"advisory": "NTAP-20240411-0002", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NetApp", "product": "ONTAP Select Deploy administration utility", "versions": [{"status": "affected", "version": "9.12.1", "versionType": "patch", "lessThanOrEqual": "9.14.1P2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://security.netapp.com/advisory/ntap-20240411-0002/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-259", "description": "CWE-259"}]}], "providerMetadata": {"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp", "dateUpdated": "2024-04-17T19:35:23.599Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21990", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:35:34.847Z", "dateReserved": "2024-01-03T19:45:25.346Z", "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "datePublished": "2024-04-17T19:35:23.599Z", "assignerShortName": "netapp"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C224CC9-CC03-4268-BEC9-5C70D5B1556D", "versionEndIncluding": "9.14.1", "versionStartIncluding": "9.12.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n\n"}, {"lang": "es", "value": "Las versiones 9.12.1.x, 9.13.1.x y 9.14.1.x de la utilidad de administraci\u00f3n ONTAP Select Deploy contienen credenciales codificadas que podr\u00edan permitir a un atacante ver la informaci\u00f3n de configuraci\u00f3n de Deploy y modificar las credenciales de la cuenta."}], "id": "CVE-2024-21990", "lastModified": "2025-02-10T19:29:29.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security-alert@netapp.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-17T20:15:07.863", "references": [{"source": "security-alert@netapp.com", "tags": ["Vendor Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240411-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240411-0002/"}], "sourceIdentifier": "security-alert@netapp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}], "source": "security-alert@netapp.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}