CVE-2021-26995

8.8 HIGH

📋 TL;DR

This vulnerability allows privileged attackers to execute arbitrary code on NetApp E-Series SANtricity OS Controller Software. Affected systems are those running versions 11.x prior to 11.70.1. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • NetApp E-Series SANtricity OS Controller Software
Versions: 11.x versions prior to 11.70.1
Operating Systems: SANtricity OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires privileged access to exploit. Affects both physical and virtual storage controllers.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with administrative privileges, allowing data theft, destruction, or ransomware deployment across the storage infrastructure.

🟠 Likely Case

Privileged attackers gaining remote code execution to install backdoors, exfiltrate sensitive data, or disrupt storage operations.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent attackers from reaching vulnerable interfaces.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires privileged access. No public exploit code is available, per the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.70.1 or later

Vendor Advisory: https://security.netapp.com/advisory/NTAP-20210610-0002

Restart Required: Yes

Instructions:

1. Download SANtricity OS 11.70.1 or later from the NetApp support site.
2. Follow NetApp's documented upgrade procedures for E-Series controllers.
3. Apply the update to all affected controllers.
4. Verify successful upgrade and functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to SANtricity management interfaces to only authorized administrative networks.

Access Control Hardening

all

Implement strict authentication and authorization controls for administrative access to storage controllers.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate storage management interfaces from untrusted networks.
  • Enhance monitoring and logging of all administrative access to storage controllers for suspicious activity.

🔍 How to Verify

Check if Vulnerable:

Check SANtricity OS version via web interface or CLI. Versions 11.x prior to 11.70.1 are vulnerable.

Check Version:

Check via SANtricity web interface under System > About, or use SANtricity CLI commands specific to your deployment.

Verify Fix Applied:

Confirm version is 11.70.1 or later after applying patch.
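
The version check above, applied to a whole inventory, as an added example (not NetApp code or part of the advisory). The controller names, the version strings and the "R1" suffix form are constructed assumptions; the only value taken from this page is the fixed release 11.70.1.

```python
import re

FIXED = (11, 70, 1)  # first fixed release named on this page

def parse_version(text):
    """Return the leading dotted-numeric part as an int tuple, or None."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "11.70" to (11, 70, 0)

def classify(version_text):
    """Map a reported version to vulnerable / fixed / not-covered / unknown."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"          # unparseable: check the controller by hand
    if v[0] != 11:
        return "not-covered"      # the page only makes a claim about 11.x
    # Compare numerically: as strings, "11.9.5" would sort after "11.70.1".
    return "vulnerable" if v[:3] < FIXED else "fixed"

def needs_action(inventory):
    """Names of controllers that must be upgraded or checked manually."""
    return sorted(name for name, ver in inventory.items()
                  if classify(ver) in ("vulnerable", "unknown"))

# Constructed inventory: hypothetical controller names and version strings.
SAMPLE_INVENTORY = {
    "array01-a": "11.60.3",
    "array01-b": "11.70.1",
    "array02-a": "11.9.5",
    "array02-b": "11.70.1R1",   # assumed suffix form; trailing text is ignored
    "array03-a": "08.40.60",
    "array03-b": "",            # version not collected
}

if __name__ == "__main__":
    for name, ver in sorted(SAMPLE_INVENTORY.items()):
        print(f"{name:10} {ver or '-':10} {classify(ver)}")
    print("action required:", ", ".join(needs_action(SAMPLE_INVENTORY)))
```

Controllers reported as "unknown" are listed alongside vulnerable ones so that a missing version string is never read as a pass.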

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrative login attempts
  • Unexpected configuration changes
  • Suspicious process execution on storage controllers

Network Indicators:

  • Unusual traffic to SANtricity management ports (typically 8443 for HTTPS)

SIEM Query:

source="storage_controller" AND (event_type="admin_login" OR event_type="config_change") AND result="failure"
