- Product Model: V3250
- OS: Clustered Data ONTAP 8.2P4 (Any version of clustered Data ONTAP prior to 8.2.2RC1)
CIFS NULL session permitted against Storage Virtual Machine (SVM) data connections in clustered Data ONTAP.
NULL sessions allow anonymous users to establish unauthenticated CIFS sessions with Windows or third-party CIFS implementations such as Samba or the Solaris CIFS Server. These anonymous users might be able to enumerate local users, groups, servers, shares, domains, and domain policies, and might be able to access various MSRPC services through RPC function calls. These services have historically been affected by numerous vulnerabilities. The wealth of information available to attackers through NULL sessions might also allow them to carry out more sophisticated attacks.
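For detection, the following added example (not part of the original article and not NetApp code) scans CIFS audit events for session setups with an empty or ANONYMOUS LOGON user name and reports which MSRPC named pipes each of those sessions then opened. The JSON event schema, its field names, and the function names are assumptions for illustration, and the sample events are constructed.

```python
import json
from collections import defaultdict

# MSRPC named pipes opened over IPC$, and what each exposes to the caller.
PIPE_EXPOSURE = {
    "samr": "local users and groups",
    "lsarpc": "domains and domain policies",
    "srvsvc": "servers and shares",
}
ANONYMOUS_NAMES = {"", "anonymous logon"}

# Constructed sample audit events, one JSON object per line (assumed schema).
SAMPLE_LOG = r"""
{"session": 101, "client": "10.0.0.5", "event": "session_setup", "user": ""}
{"session": 101, "client": "10.0.0.5", "event": "pipe_open", "pipe": "samr"}
{"session": 101, "client": "10.0.0.5", "event": "pipe_open", "pipe": "srvsvc"}
{"session": 102, "client": "10.0.0.9", "event": "session_setup", "user": "CORP\\alice"}
{"session": 102, "client": "10.0.0.9", "event": "pipe_open", "pipe": "srvsvc"}
{"session": 103, "client": "10.0.0.7", "event": "session_setup", "user": "NT AUTHORITY\\ANONYMOUS LOGON"}
{"session": 103, "client": "10.0.0.7", "event": "pipe_open", "pipe": "\\lsarpc"}
{"session": 103, "client": "10.0.0.7", "event": "pipe_open", "pipe": "spoolss"}
"""

def is_anonymous(user):
    """True for an empty user name or the ANONYMOUS LOGON account."""
    return user.strip().lower().rsplit("\\", 1)[-1] in ANONYMOUS_NAMES

def find_null_sessions(lines):
    """Map each client that set up a NULL session to what it then reached."""
    anon = {}                    # session id -> client address
    findings = defaultdict(set)  # client address -> exposure descriptions
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        sid = ev["session"]
        if ev["event"] == "session_setup":
            if is_anonymous(ev.get("user", "")):
                anon[sid] = ev["client"]
                findings[ev["client"]]  # report even with no pipe activity
            else:
                anon.pop(sid, None)     # session id reused by a real user
        elif ev["event"] == "pipe_open" and sid in anon:
            pipe = ev["pipe"].lower().lstrip("\\")
            findings[anon[sid]].add(
                PIPE_EXPOSURE.get(pipe, "other MSRPC service: " + pipe))
    return {client: sorted(seen) for client, seen in findings.items()}

if __name__ == "__main__":
    for client, seen in find_null_sessions(SAMPLE_LOG.splitlines()).items():
        print(client, "->", "; ".join(seen) or "no pipe activity")
```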