
CVE-2024-21985: CWE-269 Improper Privilege Management in NetApp ONTAP 9

Severity: High
Tags: Vulnerability, CVE-2024-21985, cve, cwe-269
Published: Fri Jan 26 2024 (01/26/2024, 16:01:48 UTC)
Source: CVE Database V5
Vendor/Project: NetApp
Product: ONTAP 9

Description

ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or modifying limited settings, some of which could result in a Denial of Service (DoS).

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 23:55:58 UTC

Technical Analysis

CVE-2024-21985 is a high-severity vulnerability in the NetApp ONTAP 9 storage operating system, affecting releases prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4. It is classified as improper privilege management (CWE-269) in the ONTAP REST API: an authenticated user who holds multiple remote accounts with differing roles can perform actions through the REST API beyond the privilege intended for the account they are acting under. The reachable actions are limited to viewing certain configuration details and metrics and modifying certain settings, but some of those modifications can cause a Denial of Service (DoS). The CVSS 3.1 vector reported here is network-reachable (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N) and unchanged scope (S:U), with limited confidentiality and integrity impact (C:L, I:L) and high availability impact (A:H). No exploitation in the wild has been reported. As far as the advisory describes it, the root cause is that REST API authorization does not correctly confine a user to the role of the account they authenticated with when that same user also holds other remote accounts with different roles, so the user's effective rights can exceed those of any single role assigned to them. Because ONTAP 9 underpins storage in many enterprise environments, this weakens the integrity and availability of critical storage infrastructure.

Potential Impact

For European organizations that run NetApp ONTAP 9 as critical storage infrastructure, the impact of CVE-2024-21985 can be significant. Reading configuration details and metrics that the account's role should not expose aids reconnaissance for further attacks, and modifying settings beyond the intended privilege can disrupt service or cause a Denial of Service, affecting business continuity and data availability. That matters most in sectors with strict availability requirements such as finance, healthcare, telecommunications and government. Unauthorized data access or outages caused by the flaw could also bear on obligations under European data protection regulation such as GDPR. Exploitation requires authenticated access, but a user holding several remote accounts with differing roles (for example accounts backed by a directory service) is not unusual in large organizations, which widens the pool of potential abusers to insiders and to attackers who have obtained one set of valid credentials. No exploits in the wild are known at the time of this analysis, which lowers immediate risk but does not remove it, since exploits may follow public disclosure.

Mitigation Recommendations

European organizations should update ONTAP 9 to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 or 9.13.1P4 (or later) for the release line in use; this is the only complete fix. Until the update is applied, reduce the precondition the flaw depends on: enumerate login accounts and their roles (on the cluster shell, `security login show` lists each account with its application, authentication method and role, and `security login show -application http` narrows the list to accounts that can reach the REST API) and remove or consolidate cases where the same user holds several remote accounts with different roles, so that each user maps to a single role. Assign roles on a least-privilege basis and review them regularly. Restrict REST API access to trusted management networks through segmentation and access controls on the management interfaces. Enable audit logging of REST API requests and review it for reads of configuration or metrics endpoints, or configuration changes, by accounts whose role should not permit them. Multi-factor authentication on administrative and remote accounts lowers the chance that an attacker obtains the authenticated access the flaw requires. Prepare incident response procedures for DoS conditions or unexpected configuration changes on storage clusters, and monitor NetApp's advisory for updates or exploit reports.
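As an added illustration (not NetApp's code and not part of the original page), two offline checks in Python for the audit steps above: a comparison of an ONTAP version string against the fixed patch levels named in the description, and a scan of account records in the shape of the ONTAP REST `GET /api/security/accounts` response for users that hold more than one remote account with differing roles. The record field names follow the documented REST schema as the author of this example understands it, the sample records are constructed rather than captured from a real cluster, and the set of authentication methods treated as "remote" is an assumption.

```python
"""Offline checks for CVE-2024-21985 (added example, not NetApp code).

1. is_vulnerable(): compare an ONTAP version string against the fixed
   patch levels listed in the advisory text.
2. users_with_mixed_roles(): scan account records shaped like the
   /api/security/accounts response and report users holding more than
   one remote account with differing roles, the precondition the
   advisory describes.
"""
import re
from collections import defaultdict

# Fixed patch level per release line, taken from the advisory text.
FIXED_PATCH = {
    (9, 9, 1): 18,
    (9, 10, 1): 16,
    (9, 11, 1): 13,
    (9, 12, 1): 10,
    (9, 13, 1): 4,
}
EARLIEST_FIXED_LINE = min(FIXED_PATCH)

# Accepts "9.12.1P10", a GA string such as "9.12.1" (treated as patch 0)
# and a banner like "NetApp Release 9.12.1P10: ..." from the `version` command.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:P(\d+))?\b")


def parse_version(text):
    """Return ((generation, major, minor), patch) or raise ValueError."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no ONTAP version found in {text!r}")
    line = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    patch = int(m.group(4)) if m.group(4) else 0
    return line, patch


def is_vulnerable(text):
    """True/False for release lines the advisory lists, None otherwise.

    Lines older than 9.9.1 are "prior to 9.9.1P18" and have no listed
    fix, so they are reported as vulnerable. Lines newer than 9.13.1 are
    not mentioned in the advisory text, so None is returned for them.
    """
    line, patch = parse_version(text)
    if line in FIXED_PATCH:
        return patch < FIXED_PATCH[line]
    if line < EARLIEST_FIXED_LINE:
        return True
    return None


# Authentication methods backed by an external identity store. Which
# methods count as "remote" for this check is an assumption.
REMOTE_AUTH_METHODS = {"domain", "nsswitch", "saml"}


def users_with_mixed_roles(accounts, remote_only=True):
    """Map user name -> set of role names for users with >1 distinct role.

    `accounts` is a list of dicts shaped like the `records` array of
    GET /api/security/accounts: name, owner.name, role.name and
    applications[].{application, authentication_methods}. Only accounts
    that can reach the REST API (application "http") are considered.
    """
    roles_by_user = defaultdict(set)
    for acct in accounts:
        for app in acct.get("applications", []):
            if app.get("application") != "http":
                continue
            methods = set(app.get("authentication_methods", []))
            if remote_only and not methods & REMOTE_AUTH_METHODS:
                continue
            roles_by_user[acct["name"]].add(acct["role"]["name"])
    return {user: roles for user, roles in roles_by_user.items() if len(roles) > 1}


# Constructed sample records (not from a real cluster). "alice" is known in
# the cluster SVM and a data SVM through domain accounts with different
# roles; "bob" has one domain account and one local password account.
SAMPLE_ACCOUNTS = [
    {"owner": {"name": "cluster1"}, "name": "admin", "role": {"name": "admin"},
     "applications": [{"application": "http", "authentication_methods": ["password"]},
                      {"application": "ssh", "authentication_methods": ["password"]}]},
    {"owner": {"name": "cluster1"}, "name": "alice", "role": {"name": "readonly"},
     "applications": [{"application": "http", "authentication_methods": ["domain"]}]},
    {"owner": {"name": "svm_finance"}, "name": "alice", "role": {"name": "vsadmin"},
     "applications": [{"application": "http", "authentication_methods": ["domain"]}]},
    {"owner": {"name": "cluster1"}, "name": "bob", "role": {"name": "readonly"},
     "applications": [{"application": "http", "authentication_methods": ["domain"]}]},
    {"owner": {"name": "svm_hr"}, "name": "bob", "role": {"name": "admin"},
     "applications": [{"application": "http", "authentication_methods": ["password"]}]},
]

if __name__ == "__main__":
    for v in ("9.12.1P9", "9.12.1P10", "9.13.1", "9.8.1P5", "9.14.1"):
        print(f"{v:12} vulnerable={is_vulnerable(v)}")
    print("remote accounts with mixed roles:", users_with_mixed_roles(SAMPLE_ACCOUNTS))
    print("any accounts with mixed roles:   ",
          users_with_mixed_roles(SAMPLE_ACCOUNTS, remote_only=False))
```

The account scan only correlates accounts that share a user name across SVMs; a user who reaches a second role through membership in a directory group that is mapped as a group account will not be matched by name, so that case still needs a lookup against the directory. Feed the function the `records` array of a real `GET /api/security/accounts` call (with `fields=name,owner,role,applications`) to run it against a cluster.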


Technical Details

Data Version
5.1
Assigner Short Name
netapp
Date Reserved
2024-01-03T19:45:25.346Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68387d4f182aa0cae28316f6

Added to database: 5/29/2025, 3:29:19 PM

Last enriched: 7/7/2025, 11:55:58 PM

Last updated: 8/16/2025, 6:34:51 AM
