CVE-2023-1096
CRITICALSnapCenter 4.7-4.7P2 and 4.8-4.8P1 - Unauthenticated Admin Access
Title source: llmDescription
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.
References (1)
Core 1
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230511-0011/
Scores
CVSS v3
9.8
EPSS
0.0101
EPSS Percentile
77.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (2)
netapp/snapcenter
4.7 (2 CPE variants)
netapp/snapcenter
4.8
Published
May 12, 2023
Tracked Since
Feb 18, 2026