CVE-2023-27314 - OpenCVE

ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Netapp	Clustered Data Ontap

Configuration 1 [-]

OR	cpe:2.3:a:netapp:clustered_data_ontap::::::::
	cpe:2.3:a:netapp:clustered_data_ontap:9.8:-::::::
	cpe:2.3:a:netapp:clustered_data_ontap:9.8:p7::::::
	cpe:2.3:a:netapp:clustered_data_ontap:9.9.1:-::::::
	cpe:2.3:a:netapp:clustered_data_ontap:9.9.1:p3::::::
	cpe:2.3:a:netapp:clustered_data_ontap:9.10.0:-::::::
	cpe:2.3:a:netapp:clustered_data_ontap:9.10.1:-::::::
	cpe:2.3:a:netapp:clustered_data_ontap:9.12.0:-::::::
	cpe:2.3:a:netapp:clustered_data_ontap:9.13.0:-::::::

No data.

References

Link	Providers
https://security.netapp.com/advisory/ntap-20231009-0001/

History

Wed, 18 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: netapp

Published: 2023-10-12T18:26:47.593Z

Updated: 2024-09-18T15:02:57.897Z

Reserved: 2023-02-28T17:20:57.461Z

Link: CVE-2023-27314

Vulnrichment

Updated: 2024-08-02T12:09:43.031Z

NVD

Status : Analyzed

Published: 2023-10-12T19:15:11.747

Modified: 2023-10-18T18:00:24.900

Link: CVE-2023-27314

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27314", "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "state": "PUBLISHED", "assignerShortName": "netapp", "dateReserved": "2023-02-28T17:20:57.461Z", "datePublished": "2023-10-12T18:26:47.593Z", "dateUpdated": "2024-09-18T15:02:57.897Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ONTAP 9", "vendor": "NetApp", "versions": [{"lessThan": "9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2, 9.13.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2023-10-09T04:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, \n9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow\n a remote unauthenticated attacker to cause a crash of the HTTP service."}], "value": "ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, \n9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow\n a remote unauthenticated attacker to cause a crash of the HTTP service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp", "dateUpdated": "2023-10-12T18:26:47.593Z"}, "references": [{"url": "https://security.netapp.com/advisory/ntap-20231009-0001/"}], "source": {"advisory": "NTAP-20231009-0001", "discovery": "UNKNOWN"}, "title": "Denial of Service Vulnerability in ONTAP 9", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:09:43.031Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20231009-0001/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T15:02:45.835840Z", "id": "CVE-2023-27314", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T15:02:57.897Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20231009-0001/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:09:43.031Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-27314", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-18T15:02:45.835840Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T15:02:51.927Z"}}], "cna": {"title": "Denial of Service Vulnerability in ONTAP 9", "source": {"advisory": "NTAP-20231009-0001", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NetApp", "product": "ONTAP 9", "versions": [{"status": "affected", "version": "0", "lessThan": "9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2, 9.13.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2023-10-09T04:00:00.000Z", "references": [{"url": "https://security.netapp.com/advisory/ntap-20231009-0001/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, \n9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow\n a remote unauthenticated attacker to cause a crash of the HTTP service.", "supportingMedia": [{"type": "text/html", "value": "ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, \n9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow\n a remote unauthenticated attacker to cause a crash of the HTTP service.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp", "dateUpdated": "2023-10-12T18:26:47.593Z"}}}, "cveMetadata": {"cveId": "CVE-2023-27314", "state": "PUBLISHED", "dateUpdated": "2024-09-18T15:02:57.897Z", "dateReserved": "2023-02-28T17:20:57.461Z", "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "datePublished": "2023-10-12T18:26:47.593Z", "assignerShortName": "netapp"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9342DC4-2928-49B6-AACA-95B3DE9C994A", "versionEndExcluding": "9.8", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.8:-:*:*:*:*:*:*", "matchCriteriaId": "BE523D87-B51F-41F2-9B6F-A85AB28FF3DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.8:p7:*:*:*:*:*:*", "matchCriteriaId": "B353C687-391F-476E-9199-2D769842E019", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.9.1:-:*:*:*:*:*:*", "matchCriteriaId": "E0284DC1-9FAA-4979-82C3-AB7347614C80", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.9.1:p3:*:*:*:*:*:*", "matchCriteriaId": "76CBFD8A-CE4C-4337-8F22-397DDCC1B074", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.10.0:-:*:*:*:*:*:*", "matchCriteriaId": "E932E75A-46F0-47AA-9EFE-11D7127D4015", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.10.1:-:*:*:*:*:*:*", "matchCriteriaId": "F1A4278F-D9A9-4C39-AC53-AB35DB921E02", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.12.0:-:*:*:*:*:*:*", "matchCriteriaId": "CABEEE42-6098-4259-ABAA-8D8D7BEEB0A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.13.0:-:*:*:*:*:*:*", "matchCriteriaId": "BE4AE3BB-685A-466F-B4FA-D49D366C6598", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, \n9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow\n a remote unauthenticated attacker to cause a crash of the HTTP service."}, {"lang": "es", "value": "Las versiones de ONTAP 9 anteriores a 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 y 9.13.1 son susceptibles a una vulnerabilidad que podr\u00eda permitir que un atacante remoto no autenticado provoque una falla del servicio HTTP."}], "id": "CVE-2023-27314", "lastModified": "2023-10-18T18:00:24.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-alert@netapp.com", "type": "Secondary"}]}, "published": "2023-10-12T19:15:11.747", "references": [{"source": "security-alert@netapp.com", "tags": ["Vendor Advisory"], "url": "https://security.netapp.com/advisory/ntap-20231009-0001/"}], "sourceIdentifier": "security-alert@netapp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-alert@netapp.com", "type": "Secondary"}]}