{"status":"success","advisory":{"_id":"6835471f5b16347a91c39c3d","kb_acknowledgements":null,"kb_affected_list":["Cluster Network Switch (NetApp CN1610)","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","Config Advisor","Data ONTAP operating in 7-Mode","NetApp Host Agent","NetApp Manageability SDK","NetApp SMI-S Provider","NetApp VTL","OnCommand Balance","OnCommand Unified Manager Host Package","OnCommand Workflow Automation","Open Systems SnapVault Agent","Service Processor","SnapDrive for Unix","SnapDrive for Windows","SnapProtect"],"kb_bad_data":false,"kb_cve":["CVE-2014-3470","CVE-2014-0076"],"kb_exploitation":"Public","kb_fixes":[{"product":"NetApp Manageability SDK","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/nmsdk/5.2.1R1P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/nmsdk/5.1R1P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/nmsdk/5.2.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Unified Manager Host Package","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://library-clnt.dmz.netapp.com/info/communications/ECMP1400690.html"},{"product":"SnapDrive for Windows","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_win/7.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapDrive for Unix","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_redhatlinux/5.2.1P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_aix/5.2.1P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_sol/5.2.1P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_solx86/5.2.1P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_redhatlinux/5.2.2/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_aix/5.2.2/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_sol/5.2.2/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_solx86/5.2.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp SMI-S Provider","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/smis/Windows/5.1.2/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/smis/Windows/5.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapProtect","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapprotect/11.0SP4/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Open Systems SnapVault Agent","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/esx/3.0.1P6/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Clustered Data ONTAP","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.2.2/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.2.3/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.1.4P5/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Host Agent","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMLP2512371.html"},{"product":"OnCommand Balance","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_ib/4.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Cluster Network Switch (NetApp CN1610)","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/cm_switches_ntap/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp VTL","fixes":[],"instructions":null,"wontfix":true,"eos_link":"mysupport.netapp.com/info/eoa/df_eoa_category_page.html?category=Platforms#ECMLP2562710"},{"product":"OnCommand Workflow Automation","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ocwfa/2.2.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Data ONTAP operating in 7-Mode","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.1.4P5/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.2.4/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability can allow compromise of confidentiality and integrity of the communication and possibly a session hijack after authentication has occurred.","kb_internal_notes":[{"burt":"833500","jira":"","product":"Cluster Network Switch (NetApp CN1610)"},{"burt":"831033","jira":"","product":"Clustered Data ONTAP"},{"burt":"832008","jira":"","product":"Clustered Data ONTAP"},{"burt":"831667","jira":"","product":"Clustered Data ONTAP Antivirus Connector"},{"burt":"842394","jira":"","product":"Config Advisor"},{"burt":"833493","jira":"","product":"Data ONTAP PowerShell Toolkit"},{"burt":"831247","jira":"","product":"Data ONTAP operating in 7-Mode"},{"burt":"831671","jira":"","product":"FlashRay"},{"burt":"833492","jira":"","product":"MetroCluster Plug-in for vSphere"},{"burt":"832009","jira":"","product":"NetApp Host Agent"},{"burt":"831324","jira":"","product":"NetApp Manageability SDK"},{"burt":"832206","jira":"","product":"NetApp Plug-in for Symantec NetBackup"},{"burt":"833495","jira":"","product":"NetApp Recovery Manager for Citrix Sharefile"},{"burt":"831679","jira":"","product":"NetApp SMI-S Provider"},{"burt":"833498","jira":"","product":"NetApp VASA Provider for Data ONTAP operating in 7-Mode"},{"burt":"833499","jira":"","product":"NetApp VTL"},{"burt":"831668","jira":"","product":"OnCommand Balance"},{"burt":"838217","jira":"","product":"OnCommand Insight"},{"burt":"831673","jira":"","product":"OnCommand Performance Manager (Unified Manager Performance Pkg)"},{"burt":"833491","jira":"","product":"OnCommand Plug-in for Microsoft"},{"burt":"831670","jira":"","product":"OnCommand Unified Manager Host Package"},{"burt":"831687","jira":"","product":"OnCommand Workflow Automation"},{"burt":"832010","jira":"","product":"Open Systems SnapVault Agent"},{"burt":"833496","jira":"","product":"RBAC User Creator for Data ONTAP"},{"burt":"838452","jira":"","product":"Service Processor"},{"burt":"831676","jira":"","product":"Snap Creator Framework"},{"burt":"831677","jira":"","product":"SnapDrive for Unix"},{"burt":"831684","jira":"","product":"SnapDrive for Windows"},{"burt":"831678","jira":"","product":"SnapManager for Exchange"},{"burt":"838520","jira":"","product":"SnapManager for Hyper-V"},{"burt":"831683","jira":"","product":"SnapManager for MS SQL"},{"burt":"831680","jira":"","product":"SnapManager for Oracle"},{"burt":"831681","jira":"","product":"SnapManager for SAP"},{"burt":"831682","jira":"","product":"SnapManager for Sharepoint"},{"burt":"831685","jira":"","product":"SnapProtect"},{"burt":"833494","jira":"","product":"Storage Replication Adapter for Data ONTAP operating in 7-Mode 2.1"},{"burt":"831686","jira":"","product":"StorageGRID9 (9.x and prior)"},{"burt":"831666","jira":"","product":"System Manager 9.x"},{"burt":"834016","jira":"","product":"System Setup"},{"burt":"831688","jira":"","product":"Virtual Storage Console for Citrix XenServer"},{"burt":"831674","jira":"","product":"Virtual Storage Console for Red Hat Enterprise Virtualization"},{"burt":"831700","jira":"","product":"Virtual Storage Console for VMware vSphere 9.7 and above"}],"kb_investigating_list":[],"kb_num":"9010004","kb_ref":["https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470","https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076","https://www.openssl.org/news/secadv_20140605.txt"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20140609","version":"1.0"},{"comment":"Updated Affected Products.","date":"20140610","version":"2.0"},{"comment":"Updated Products Not affected.","date":"20140611","version":"3.0"},{"comment":"Updated Affected Products.","date":"20140612","version":"4.0"},{"comment":"Updated Affected Products.","date":"20140613","version":"5.0"},{"comment":"Updated affected & not affected products.","date":"20146017","version":"6.0"},{"comment":"Updated affected & not affected products.","date":"20146021","version":"7.0"},{"comment":"Updated affected & not affected products.","date":"20140710","version":"8.0"},{"comment":"Updated not affected products.","date":"20140714","version":"9.0"},{"comment":"Updated affected & not affected products.","date":"20140716","version":"10.0"},{"comment":"Updated products not affected.","date":"2014724","version":"11.0"},{"comment":"Updated affected & not affected products, fixed software.","date":"2014731","version":"12.0"},{"comment":"Updated affected & not affected products, fixed software.","date":"20140804","version":"13.0"},{"comment":"Updated products not affected & fixed available software.","date":"20140904","version":"14.0"},{"comment":"Updated fixed available software.","date":"20140908","version":"15.0"},{"comment":"Updated fixed available software.","date":"20140910","version":"16.0"},{"comment":"Updated fixed available software.","date":"20140911","version":"17.0"},{"comment":"Updated fixed available software.","date":"20140918","version":"18.0"},{"comment":"KB transition - no content change.","date":"20141003","version":"19.0"},{"comment":"Added link to the advisory, formatting.","date":"20141024","version":"20.0"},{"comment":"Updated Software Versions and Fixes, formatting.","date":"20141110","version":"21.0"},{"comment":"Updated Software Versions and Fixes.","date":"201401112","version":"22.0"},{"comment":"Updated Software Versions and Fixes.","date":"20141118","version":"23.0"},{"comment":"Update OCWFA fix link to 2.2.1GA, update title","date":"20140205","version":"24.0"},{"comment":"Updated Software Versions and Fixes, after further evaluation OnCommand Performance Manager was moved to the not affected list","date":"20150327","version":"25.0"},{"comment":"OnCommand Unified Manager Host Package added to Software Versions and Fixes","date":"20150828","version":"26.0"},{"comment":"Snap Protect added to Software Versions and Fixes","date":"20160811","version":"27.0"},{"comment":"Data ONTAP operating in 7-mode, Open Systems SnapVault Agent & SMI-S Provider (formerly Data ONTAP SMI-S Agent) moved to Products With Revised Vulnerability Status and added to Software Versions and Fixes, formatting changes, NetApp Host Agent added to Software Versions and Fixes; Final status.","date":"20160823","version":"28.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2014-0076":"CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:ND/RC:C","CVE-2014-3470":"CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:C"},"kb_scoring_calc":[{"cve_id":"CVE-2014-0076","range":"MEDIUM","score":4.1,"vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:ND/RC:C"},{"cve_id":"CVE-2014-3470","range":"MEDIUM","score":4.1,"vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:C"}],"kb_status":"Final","kb_summary":"Specified NetApp products are affected by two vulnerabilities in the OpenSSL library Elliptic Curve Cryptography (ECC) implementation. Several NetApp products incorporate the OpenSSL software libraries to provide cryptographic capabilities. The OpenSSL releases prior to 0.9.8za, 1.0.0m, and 1.0.1h are affected by vulnerabilities related to ECC implementations.\r\n<ul><li>CVE-2014-3470 addresses a denial-of-service attack related to the enablement of anonymous Elliptic Curve Diffie-Hellman cypher suites.</li><li>CVE-2014-0076 addresses an attack on the Elliptic Curve Digital Signature Algorithm nonces.</li></ul>","kb_title":"June 2014 OpenSSL Elliptic Curve Vulnerabilities in Multiple NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","Data ONTAP PowerShell Toolkit","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","FlashRay","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Plug-in for vSphere","NetApp Cloud Backup (formerly AltaVault)","NetApp NFS Plug-in for VMware VAAI","NetApp Plug-in for Symantec NetBackup","NetApp Recovery Manager for Citrix Sharefile","NetApp SANtricity SMI-S Provider","NetApp Storage Encryption","NetApp VASA Provider for Data ONTAP operating in 7-Mode","OnCommand Insight","OnCommand Performance Manager (Unified Manager Performance Pkg)","OnCommand Plug-in for Microsoft","RBAC User Creator for Data ONTAP","Single Mailbox Recovery","Snap Creator Framework","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for MS SQL","SnapManager for Oracle","SnapManager for SAP","SnapManager for Sharepoint","Storage Replication Adapter for Data ONTAP operating in 7-Mode 2.1","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID9 (9.x and prior)","System Manager 9.x","System Setup","Virtual Storage Console for Citrix XenServer","Virtual Storage Console for Red Hat Enterprise Virtualization","Virtual Storage Console for VMware vSphere 9.7 and above"],"kb_workarounds":"None.","ntap_advisory_id":"NTAP-20140609-0004","adv_id":"ntap-20140609-0004","published_date":"2014-06-09T00:00:00","updated_date":"2016-08-23T00:00:00","inserted_date":"2025-05-27T05:01:19.564000","modified_date":null}}