CVE-2021-26989

high-risk
Published 2021-03-04

Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.

Do I need to act?

-
0.60% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Netapp

References (2)

Patch https://security.netapp.com/advisory/NTAP-20210303-0002
Patch https://security.netapp.com/advisory/NTAP-20210303-0002
53
/ 100
high-risk
Severity 24/34 · High
Exploitability 2/34 · Minimal
Exposure 27/34 · High