Does CVE-2021-4034 affect the NetApp environment?
- Views:
- 159
- Visibility:
- Public
- Votes:
- 0
- Category:
- cloud-manager
- Specialty:
- bluexp
- Last Updated:
- 2/21/2022, 12:10:20 PM
Applies to
- Cloud Volumes ONTAP (CVO)
- Linux OS
- Cybersecurity
Answer
From the available information, this appears to be a local privilege escalation in PolicyKit (also known as "polkit") giving unprivileged users admin rights on a target machine.
None of NetApp's appliances and other Linux shipping products are set up to allow unprivileged user logins, but NetApp will send evaluations according to standard process.
If a NetApp app is installed on a user-managed Linux system then the user should be checking with the Linux distribution vendor for information.