ONTAP 9 SAS FIPS 140-2 Drives Unlock on Reboot CVE-2023-27317
CVE-2023-27317 Published on December 15, 2023
Information Disclosure Vulnerability in ONTAP 9
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a
vulnerability that causes all SAS-attached FIPS 140-2 drives to
become unlocked after a system reboot or power cycle, or a single
SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This
could lead to disclosure of sensitive information to an attacker with
physical access to the unlocked drives.
Vulnerability Analysis
CVE-2023-27317 can be exploited with physical access and requires user interaction. The vulnerability is considered to have a low attack complexity. An exploit is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2023-27317 has been classified as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2023-27317
Affected Versions
NetApp ONTAP 9:
- Version 9.12.1P8 is affected.
- Version 9.13.1P4 is affected.
- Version 9.13.1P5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.