CVE-2021-27001
MEDIUMClustered Data ONTAP <9.5P18-9.9.1P2 - Privilege Escalation
Title source: llmDescription
Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.netapp.com/advisory/ntap-20211018-0001
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
18.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (6)
netapp/clustered_data_ontap
9.5 (10 CPE variants)
netapp/clustered_data_ontap
9.6 (9 CPE variants)
netapp/clustered_data_ontap
9.7 (7 CPE variants)
netapp/clustered_data_ontap
9.8 (3 CPE variants)
netapp/clustered_data_ontap
9.9.1
netapp/clustered_data_ontap
9.0 - 9.4
Published
Oct 19, 2021
Tracked Since
Feb 18, 2026