Vulnerability Details CVE-2005-3327
Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational mode without proving identity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=113028385702680&w=2
- http://secunia.com/advisories/17321
- http://securitytracker.com/id?1015103
- http://www.matasano.com/advisories/netapp-iSCSI.txt
- http://www.securityfocus.com/bid/15197
- http://www.vupen.com/english/advisories/2005/2193
- http://marc.info/?l=bugtraq&m=113028385702680&w=2
- http://secunia.com/advisories/17321
- http://securitytracker.com/id?1015103
- http://www.matasano.com/advisories/netapp-iSCSI.txt
- http://www.securityfocus.com/bid/15197
- http://www.vupen.com/english/advisories/2005/2193
Products affected by CVE-2005-3327
-
cpe:2.3:a:network_appliance:data_ontap:*
-
cpe:2.3:a:network_appliance:data_ontap:6.4
-
cpe:2.3:a:network_appliance:data_ontap:6.5