Netapp SnapCenter < 5.0p1 (Windows)

medium Nessus Plugin ID 208265

Synopsis

NetApp SnapCenter running on the remote host is affected by an information disclosure vulnerability.

Description

The version of NetApp SnapCenter installed on the remote host is prior to the 5.0p1 release. It is, therefore, affected by a vulnerability referenced as CVE-2024-21993.

- CVE-2024-21993 is a vulnerability that could allow an authenticated attacker to discover plain text credentials, resulting in the disclosure of sensitive information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to SnapCenter version 5.0p1 or later.

See Also

https://security.netapp.com/advisory/ntap-20240705-0007/

Plugin Details

Severity: Medium

ID: 208265

File Name: snapcenter_5_0p1.nasl

Version: 1.2

Type: remote

Agent: windows

Family: Windows

Published: 10/8/2024

Updated: 10/9/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2024-21993

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:netapp:snapcenter

Required KB Items: installed_sw/NetApp SnapCenter Server

Exploit Ease: No known exploits are available

Patch Publication Date: 7/5/2024

Vulnerability Publication Date: 7/5/2024

Reference Information

CVE: CVE-2024-21993

IAVA: 2024-A-0584