{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/netapp/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*","cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":8.3,"id":"CVE-2023-22102"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Active IQ Unified Manager","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager pour VMware vSphere","OnCommand Insight"],"_cs_severities":["critical"],"_cs_tags":["rce","netapp","cve-2023-22102"],"_cs_type":"advisory","_cs_vendors":["NetApp","Microsoft","VMware"],"content_html":"\u003cp\u003eA remote code execution vulnerability, tracked as CVE-2023-22102, has been discovered in NetApp Active IQ Unified Manager and OnCommand Insight. This vulnerability impacts Active IQ Unified Manager for Microsoft Windows versions prior to 9.16P2D23, versions prior to 9.18D11 or 9.18P1, Active IQ Unified Manager for VMware vSphere versions prior to 9.16P2D23, versions prior to 9.18D11 or 9.18P1, and OnCommand Insight versions prior to 7.3.15. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the affected system. NetApp has released security bulletin NTAP-20231027-0007 on May 27, 2026, to address this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a vulnerable NetApp Active IQ Unified Manager or OnCommand Insight instance exposed to the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request, exploiting the CVE-2023-22102 vulnerability.\u003c/li\u003e\n\u003cli\u003eThe request is sent to the targeted NetApp server via the network (likely over HTTP/HTTPS).\u003c/li\u003e\n\u003cli\u003eThe vulnerable component processes the malicious request, failing to properly sanitize or validate the input.\u003c/li\u003e\n\u003cli\u003eThis leads to arbitrary code execution within the context of the application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control over the compromised system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform further actions such as installing malware, accessing sensitive data, or pivoting to other systems within the network.\u003c/li\u003e\n\u003cli\u003eThe final objective is likely data exfiltration, disruption of services, or further lateral movement.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2023-22102 can lead to complete compromise of the affected NetApp Active IQ Unified Manager or OnCommand Insight server. This can result in data loss, disruption of management operations, and potential lateral movement to other systems within the network, depending on the permissions and network access of the compromised server. The potential impact ranges from loss of confidentiality and integrity to a complete shutdown of critical services managed by the compromised NetApp product.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch all affected NetApp Active IQ Unified Manager and OnCommand Insight instances to the latest versions specified in the NetApp security bulletin NTAP-20231027-0007.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity targeting NetApp Active IQ Unified Manager and OnCommand Insight servers using the provided Sigma rules.\u003c/li\u003e\n\u003cli\u003eReview and harden network segmentation to limit the blast radius of a potential compromise.\u003c/li\u003e\n\u003cli\u003eApply the principle of least privilege to the NetApp Active IQ Unified Manager and OnCommand Insight server accounts to restrict the impact of potential code execution.\u003c/li\u003e\n\u003cli\u003eRegularly audit and review the security configuration of NetApp Active IQ Unified Manager and OnCommand Insight instances.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-28T11:34:20Z","date_published":"2026-05-28T11:34:20Z","id":"https://feed.craftedsignal.io/briefs/2026-05-netapp-rce/","summary":"CVE-2023-22102 describes a vulnerability in NetApp Active IQ Unified Manager and OnCommand Insight that allows a remote attacker to execute arbitrary code.","title":"NetApp Active IQ Unified Manager and OnCommand Insight Remote Code Execution Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-netapp-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — NetApp","version":"https://jsonfeed.org/version/1.1"}