{"status":"success","advisory":{"_id":"6835471f5b16347a91c39c40","kb_acknowledgements":null,"kb_affected_list":["7-Mode Transition Tool","Brocade Data Center Fabric Manager Professional Software","Brocade Fabric Operating System Firmware","Brocade Network Advisor Software","Cluster Network Switch (NetApp CN1610)","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","Data ONTAP PowerShell Toolkit","Data ONTAP operating in 7-Mode","FlashRay","NetApp Host Agent","NetApp Manageability SDK","NetApp Plug-in for Symantec NetBackup","NetApp Recovery Manager for Citrix Sharefile","NetApp SMI-S Provider","NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","NetApp VASA Provider for Data ONTAP operating in 7-Mode","NetApp VTL","OnCommand Balance","OnCommand Insight","OnCommand Performance Manager (Unified Manager Performance Pkg)","OnCommand Plug-in for Microsoft","OnCommand Report","OnCommand Unified Manager Core Package","OnCommand Unified Manager Host Package","OnCommand Unified Manager for Clustered Data ONTAP","OnCommand Workflow Automation","Open Systems SnapVault Agent","RapidData Migration Solution","Service Processor","Snap Creator Framework","SnapDrive for Unix","SnapDrive for Windows","SnapManager for Oracle","SnapManager for SAP","SnapManager for Sharepoint","SnapProtect","Storage Replication Adapter for Data ONTAP operating in 7-Mode 2.1","System Manager 9.x","Virtual Storage Console for Citrix XenServer","Virtual Storage Console for Red Hat Enterprise Virtualization","Virtual Storage Console for VMware vSphere 9.7 and above"],"kb_bad_data":false,"kb_cve":["CVE-2014-3566"],"kb_exploitation":"Public","kb_fixes":[{"product":"Storage Replication Adapter for Data ONTAP operating in 7-Mode 2.1","fixes":[],"instructions":"To use exclusively TLS, an upgrade to SRM 6.0 is required along with enabling SSL communication using KB 1012531:\r\nhttps://kb.netapp.com/support/index?page=content&id=1012531","wontfix":false,"eos_link":null},{"product":"Snap Creator Framework","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapcreator_framework/4.3/","cves":[]}],"instructions":"SCF supports TLS when communicating with Data ONTAP when SSL v3 is disabled within Java on both the SCF Server and Agent hosts and after enabling TLS in ONTAP. ","wontfix":false,"eos_link":null},{"product":"OnCommand Performance Manager (Unified Manager Performance Pkg)","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_pm/1.0R2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapDrive for Unix","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_redhatlinux/5.3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Virtual Storage Console for VMware vSphere 9.7 and above","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/vsc_win/6.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Brocade Network Advisor Software","fixes":[{"link":"https://www.broadcom.com/products/fibre-channel-networking/software/brocade-network-advisor","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapManager for SAP","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapmanager_sap_unix/3.4/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapmanager_sap_win/3.4/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Clustered Data ONTAP","fixes":[],"instructions":"Enable TLS then disable SSLv2 and v3 in ONTAP using the following KB article: https://kb.netapp.com/support/index?page=content&id=1015015","wontfix":false,"eos_link":null},{"product":"OnCommand Insight","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/sanscreen/7.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Plug-in for Symantec NetBackup","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/nbu_plugin_win/1.1P1/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/nbu_plugin_lin/1.1P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Brocade Data Center Fabric Manager Professional Software","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2850034.html"},{"product":"OnCommand Unified Manager for Clustered Data ONTAP","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_cdot/6.3/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_cdot_lin/6.3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Virtual Storage Console for Red Hat Enterprise Virtualization","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMP12466203.html"},{"product":"Cluster Network Switch (NetApp CN1610)","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/NetApp/cn1610cm/bin/NetApp_CN1610_1.1.0.8.stk","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/NetApp/cn1610cm/bin/NetApp_CN1610_1.1.0.8-mibs.tar.bz2","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/NetApp/cn1610cm/bin/NetApp_CN1610_1.2.0.1.stk","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/NetApp/cn1610cm/bin/NetApp_CN1610_1.2.0.1-mibs.tar.bz2","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp VTL","fixes":[],"instructions":null,"wontfix":true,"eos_link":"mysupport.netapp.com/info/eoa/df_eoa_category_page.html?category=Platforms#ECMLP2562710"},{"product":"OnCommand Workflow Automation","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ocwfa/3.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"FlashRay","fixes":[],"instructions":null,"wontfix":true,"eos_link":"n/a"},{"product":"OnCommand Unified Manager Host Package","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://library-clnt.dmz.netapp.com/info/communications/ECMP1400690.html"},{"product":"7-Mode Transition Tool","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ntap_7mtt/2.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Unified Manager Core Package","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/occore_win/5.2.1/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/occore_lin/5.2.1/","cves":[]}],"instructions":"After upgrading, SSLv2 and SSLv3 must be disabled: https://kb.netapp.com/support/index?page=content&id=3014517","wontfix":false,"eos_link":null},{"product":"SnapManager for Oracle","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapmanager_oracle_unix/3.4/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapmanager_oracle_win/3.4/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapDrive for Windows","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_win/7.1.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp VASA Provider for Data ONTAP operating in 7-Mode","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2804177.html"},{"product":"SnapProtect","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapprotect/11.0SP4/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp SMI-S Provider","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/smis/Windows/5.2.2/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/smis/Linux/5.2.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/vasa_cdot/5.0P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Brocade Fabric Operating System Firmware","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/Brocade/v7.3.0c.zip","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/Brocade/v7.3.0c.tar.gz","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Open Systems SnapVault Agent","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/aix/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/hpux/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/linux/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/sol/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/solx86/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/esx/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/win2003/3.0.1P6/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/win2008/3.0.1P6/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Host Agent","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMLP2512371.html"},{"product":"OnCommand Balance","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_ib/4.2.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapManager for Sharepoint","fixes":[],"instructions":"Disable SSLv2 and SSLv3 in SnapManager for SharePoint (SMSP) https://kb.netapp.com/support/index?page=content&id=3014544","wontfix":false,"eos_link":null},{"product":"NetApp Recovery Manager for Citrix Sharefile","fixes":[],"instructions":null,"wontfix":true,"eos_link":null},{"product":"OnCommand Report","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMP1397557.html"},{"product":"Clustered Data ONTAP Antivirus Connector","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap_av_connector/1.0.3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Data ONTAP operating in 7-Mode","fixes":[],"instructions":"Enable TLS then disable SSLv2 and v3 in ONTAP using the following KB article: https://kb.netapp.com/support/index?page=content&id=1015015","wontfix":false,"eos_link":null},{"product":"Data ONTAP PowerShell Toolkit","fixes":[{"link":"http://mysupport.netapp.com/tools/info/ECMLP2310788I.html?productID=61926","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Virtual Storage Console for Citrix XenServer","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMP12466203.html"}],"kb_impact":"Exploitation of this vulnerability may lead to unauthorized disclosure of information.","kb_internal_notes":[{"burt":"860711","jira":"","product":"7-Mode Transition Tool"},{"burt":"860649","jira":"","product":"ATTO FibreBridge - 6500N"},{"burt":"860791","jira":"","product":"Brocade Data Center Fabric Manager Professional Software"},{"burt":"860788","jira":"","product":"Brocade Fabric Operating System Firmware"},{"burt":"860793","jira":"","product":"Brocade Fabric Operating System Firmware"},{"burt":"860789","jira":"","product":"Brocade Network Advisor Software"},{"burt":"860674","jira":"","product":"Cluster Network Switch (NetApp CN1610)"},{"burt":"860682","jira":"","product":"Clustered Data ONTAP"},{"burt":"860692","jira":"","product":"Clustered Data ONTAP"},{"burt":"860655","jira":"","product":"Clustered Data ONTAP Antivirus Connector"},{"burt":"860642","jira":"","product":"Data Migration Appliance DTA2800 (DTA Firmware)"},{"burt":"860643","jira":"","product":"Data Migration Appliance DTA2800 (DTA Firmware)"},{"burt":"860644","jira":"","product":"Data Migration Appliance DTA2800 (DTA Firmware)"},{"burt":"860645","jira":"","product":"Data Migration Appliance DTA2800 (DTA Firmware)"},{"burt":"860715","jira":"","product":"Data ONTAP Edge"},{"burt":"860686","jira":"","product":"Data ONTAP PowerShell Toolkit"},{"burt":"860706","jira":"","product":"Data ONTAP operating in 7-Mode"},{"burt":"860646","jira":"","product":"FAS/AFF BIOS"},{"burt":"860678","jira":"","product":"FlashRay"},{"burt":"860666","jira":"","product":"Host Utilities - SAN for ESX"},{"burt":"860670","jira":"","product":"Host Utilities - SAN for Windows"},{"burt":"860679","jira":"","product":"MetroCluster Plug-in for vSphere"},{"burt":"872570","jira":"","product":"Multipath I/O (Data ONTAP DSM for Windows MPIO)"},{"burt":"860658","jira":"","product":"NetApp Host Agent"},{"burt":"860652","jira":"","product":"NetApp Manageability SDK"},{"burt":"860800","jira":"","product":"NetApp NFS Plug-in for VMware VAAI"},{"burt":"860801","jira":"","product":"NetApp Plug-in for Symantec NetBackup"},{"burt":"860802","jira":"","product":"NetApp Plug-in for Symantec NetBackup"},{"burt":"860693","jira":"","product":"NetApp Recovery Manager for Citrix Sharefile"},{"burt":"860697","jira":"","product":"NetApp SMI-S Provider"},{"burt":"860707","jira":"","product":"NetApp Storage Encryption"},{"burt":"860712","jira":"","product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above"},{"burt":"860713","jira":"","product":"NetApp VASA Provider for Data ONTAP operating in 7-Mode"},{"burt":"860716","jira":"","product":"NetApp VTL"},{"burt":"860656","jira":"","product":"OnCommand Balance"},{"burt":"860687","jira":"","product":"OnCommand Insight"},{"burt":"860684","jira":"","product":"OnCommand Performance Manager (Unified Manager Performance Pkg)"},{"burt":"860654","jira":"","product":"OnCommand Plug-in for Microsoft"},{"burt":"860681","jira":"","product":"OnCommand Report"},{"burt":"860659","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"860676","jira":"","product":"OnCommand Unified Manager Host Package"},{"burt":"860683","jira":"","product":"OnCommand Unified Manager for Clustered Data ONTAP"},{"burt":"860717","jira":"","product":"OnCommand Workflow Automation"},{"burt":"860661","jira":"","product":"Open Systems SnapVault Agent"},{"burt":"860650","jira":"","product":"RapidData Migration Solution"},{"burt":"860647","jira":"","product":"Service Processor"},{"burt":"860694","jira":"","product":"Single Mailbox Recovery"},{"burt":"860690","jira":"","product":"Snap Creator Framework"},{"burt":"860691","jira":"","product":"SnapDrive for Unix"},{"burt":"860704","jira":"","product":"SnapDrive for Windows"},{"burt":"860695","jira":"","product":"SnapManager for Exchange"},{"burt":"860696","jira":"","product":"SnapManager for Hyper-V"},{"burt":"860703","jira":"","product":"SnapManager for MS SQL"},{"burt":"860699","jira":"","product":"SnapManager for Oracle"},{"burt":"860700","jira":"","product":"SnapManager for SAP"},{"burt":"860701","jira":"","product":"SnapManager for Sharepoint"},{"burt":"860705","jira":"","product":"SnapProtect"},{"burt":"860688","jira":"","product":"Storage Replication Adapter for Data ONTAP operating in 7-Mode 2.1"},{"burt":"860689","jira":"","product":"Storage Replication Adapter for Data ONTAP operating in 7-Mode 2.1"},{"burt":"860709","jira":"","product":"StorageGRID9 (9.x and prior)"},{"burt":"860653","jira":"","product":"System Manager 9.x"},{"burt":"860657","jira":"","product":"System Setup"},{"burt":"860718","jira":"","product":"Virtual Storage Console for Citrix XenServer"},{"burt":"860685","jira":"","product":"Virtual Storage Console for Red Hat Enterprise Virtualization"},{"burt":"860714","jira":"","product":"Virtual Storage Console for VMware vSphere 9.7 and above"}],"kb_investigating_list":[],"kb_num":"9010008","kb_ref":["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566","https://www.openssl.org/%7Ebodo/ssl-poodle.pdf","http://googleonlinesecurity.blogspot.co.nz/2014/10/this-poodle-bites-exploiting-ssl-30.html?m=1","https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20141015","version":"1.0"},{"comment":"Added products to Affected Products and Products Not Affected","date":"20141016","version":"2.0"},{"comment":"Added products to Affected Products and Products Not Affected","date":"20141017","version":"3.0"},{"comment":"Updated Products Under Investigation","date":"20141020","version":"4.0"},{"comment":"Added products to Products Not Affected","date":"20141021","version":"5.0"},{"comment":"Updated Affected Products bug links; added products to Affected Products","date":"20141023","version":"6.0"},{"comment":"Updated Products Under Investigation; added products to Affected Products","date":"20141024","version":"7.0"},{"comment":"Updated Affected Products; additional explanation added to Software Versions and Fixes","date":"20141105","version":"8.0"},{"comment":"Updated Affected Products; added link to advisory; updated Software Versions and Fixes","date":"20141106","version":"9.0"},{"comment":"Edits to Software Versions and Fixes and Workarounds","date":"20141107","version":"10.0"},{"comment":"Updated Affected Products","date":"20141112","version":"11.0"},{"comment":"Updated Software Versions and Fixes","date":"20141201","version":"12.0"},{"comment":"Updated Products Under Investigation and Workarounds; minor edit","date":"20141204","version":"13.0"},{"comment":"Updated Host Utilities naming convention, Affected Products, and Products Not Affected","date":"20141205","version":"14.0"},{"comment":"Updated Software Versions and Fixes","date":"20141208","version":"15.0"},{"comment":"Corrected Red Hat VSC tracking ID","date":"20141222","version":"16.0"},{"comment":"Updated Software Versions and Fixes","date":"20150115","version":"17.0"},{"comment":"Updated Products Not Affected & Affected Products; removed Brocade DCFM products due to end of support","date":"20150126","version":"18.0"},{"comment":"Updated Affected Products & Products Not Affected; removed Agent for VCS and NetApp NFS & VSC for Apache Cloudstack due to End of Support status","date":"20150127","version":"19.0"},{"comment":"Updated Affected Products & Software Versions and Fixes","date":"20150128","version":"20.0"},{"comment":"Updated title with CVE & reworded summary","date":"20150204","version":"21.0"},{"comment":"Updated Affected Products & Software Versions and Fixes; removed multiple products due to EOS status","date":"20150206","version":"22.0"},{"comment":"Updated Affected Products, Software Versions and Fixes, & Workarounds","date":"20150213","version":"23.0"},{"comment":"Added detail on Virtual Storage Console for VMware vSphere in Workarounds","date":"20150220","version":"24.0"},{"comment":"Clarified Virtual Storage Console for VMware vSphere workaround","date":"20150223","version":"25.0"},{"comment":"Updated Affected Products & Workarounds, combined various SAN Host Utilities into \"Host Utilities - SAN for Unix and Linux\"","date":"20150225","version":"26.0"},{"comment":"Updated Affected Products","date":"20150226","version":"27.0"},{"comment":"Updated Software Versions and Fixes","date":"20150309","version":"28.0"},{"comment":"Updated Affected Products & Software Versions and Fixes","date":"20150313","version":"29.0"},{"comment":"Updated Software Versions and Fixes","date":"20150318","version":"30.0"},{"comment":"Updated Software Versions and Fixes","date":"20150320","version":"31.0"},{"comment":"Updated Software Versions and Fixes","date":"20150326","version":"32.0"},{"comment":"Updated Software Versions and Fixes","date":"20150327","version":"33.0"},{"comment":"Updated Software Versions and Fixes","date":"20150331","version":"34.0"},{"comment":"Updated Affected Products","date":"20150407","version":"35.0"},{"comment":"Updated Software Versions and Fixes SCF details","date":"20150409","version":"36.0"},{"comment":"Updated Affected Products & Products Not Affected","date":"20150414","version":"37.0"},{"comment":"Updated Software Versions and Fixes","date":"20150617","version":"38.0"},{"comment":"Updated Software Versions and Fixes & Products Not Affected","date":"20150618","version":"39.0"},{"comment":"Added EOA CPC links to Virtual Storage Console (VSC) for Citrix XenServer & Virtual Storage Console (VSC) for Red Hat","date":"20150619","version":"40.0"},{"comment":"Updated Affected Products & Products Not Affected - Host Utilities - SAN for ESX EOS","date":"20150625","version":"41.0"},{"comment":"Added OnCommand Insight & Cluster Network/Management Switches (Cisco) to Software Versions and Fixes","date":"20150626","version":"42.0"},{"comment":"Service Processor moved from Affected Products to Products Not Affected","date":"20150708","version":"43.0"},{"comment":"OnCommand Unified Manager Host Package added to Software Versions and Fixes","date":"20150827","version":"44.0"},{"comment":"Data ONTAP SMI-S Agent, NetApp Host Agent & OnCommand Report added to Software Versions and Fixes","date":"20150917","version":"45.0"},{"comment":"7-Mode Transition Tool, Brocade Network Advisor Software, Cluster Network/Management Switches (NetApp), Data Decryption Software, E-Series Storage Management Initiative Specification (SMI-S) Provider, E-Series/EF-Series SANtricity Management Plug-ins (WebServices) & OnCommand Plug-in for Microsoft added to Software Versions and Fixes","date":"20150922","version":"46.0"},{"comment":"NetApp Plugin for Symantec Netbackup added to Software Versions and Fixes","date":"20151006","version":"47.0"},{"comment":"SnapDrive for UNIX (SDU) and SnapDrive for Windows added to Software Versions and Fixes","date":"20151029","version":"48.0"},{"comment":"SnapManager for Oracle (SMO) and SnapManager for SAP (SMSAP) added to Software Versions and Fixes","date":"20151202","version":"49.0"},{"comment":"FAS/V-Series Storage Replication Adapter for Clustered Data ONTAP & FAS/V-Series Storage Replication Adapter for 7mode Data ONTAP added to Workarounds.","date":"20151222","version":"50.0"},{"comment":"Updated Virtual Storage Console for VMware vSphere workaround.","date":"20160216","version":"51.0"},{"comment":"Added fix link for Snap Creator Framework 4.3 under Software Versions and Fixes","date":"20160308","version":"52.0"},{"comment":"SnapProtect added to Software Versions and Fixes","date":"20160811","version":"53.0"},{"comment":"Formatting; Clustered Data ONTAP Antivirus Connector added to Software Versions and Fixes","date":"20160831","version":"54.0"},{"comment":"Cisco MDS, Fibre Channel Switch (Cisco), Data ONTAP PowerShell Toolkit added to Software Versions and Fixes; Updated fix for OnCommand Unified Manager for Clustered Data ONTAP (6.x)","date":"20160906","version":"55.0"},{"comment":"RBAC User Creator for Data ONTAP removed due to being a Toolchest product that is supported in the communities","date":"20161108","version":"56.0"},{"comment":"OnCommand Unified Manager Core Package added back to the advisory after inadvertently being removed","date":"20170214","version":"57.0"},{"comment":"NetApp SMI-S Provider added to Software Versions and Fixes, Final status","date":"20191021","version":"58.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2014-3566":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},"kb_scoring_calc":[{"cve_id":"CVE-2014-3566","range":"LOW","score":3.4,"vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate the OpenSSL software libraries to provide cryptographic capabilities. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a vulnerability also known as POODLE. NetApp is investigating which products use SSL v3.0. Known workarounds include disabling SSL v3.0 and/or forcing the use of TLS only. This advisory will be updated as additional information becomes available.","kb_title":"CVE-2014-3566 SSL v3.0 Nondeterministic CBC Padding Vulnerability in Multiple NetApp Products","kb_unaffected_list":["ATTO FibreBridge - 6500N","Cloud Manager","Data Migration Appliance DTA2800 (DTA Firmware)","Data ONTAP Edge","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for ESX","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Plug-in for vSphere","Multipath I/O (Data ONTAP DSM for Windows MPIO)","NetApp Cloud Backup (formerly AltaVault)","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp Storage Encryption","Single Mailbox Recovery","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for MS SQL","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID9 (9.x and prior)","System Setup"],"kb_workarounds":"Where possible, disable SSL v3.0 and use TLSv1.0 or above. SSLv2 is not a recommended workaround.\r\n<ul><li>Disable SSLv3 for System Setup: <a href=\"https://kb.netapp.com/Advice_and_Troubleshooting/Miscellaneous/How_to_disable_SSLv3_for_System_Setup\" target=\"_blank\">https://kb.netapp.com/Advice_and_Troubleshooting/Miscellaneous/How_to_disable_SSLv3_for_System_Setup</a> </li><li>Disable SSLv2 and SSLv3 in OnCommand Unified Manager 5.2.1GA <a href=\"https://kb.netapp.com/support/index?page=content&amp;id=3014517\" target=\"_blank\">https://kb.netapp.com/support/index?page=content&amp;id=3014517</a></li><li>Disable SSLv2 and SSLv3 in SnapManager for SharePoint (SMSP) <a href=\"https://kb.netapp.com/support/index?page=content&amp;id=3014544\" target=\"_blank\">https://kb.netapp.com/support/index?page=content&amp;id=3014544</a></li><li>Disable SSLv2 and SSLv3 in Data ONTAP <a href=\"https://kb.netapp.com/support/index?page=content&amp;id=1015015\" target=\"_blank\">https://kb.netapp.com/support/index?page=content&amp;id=1015015</a></li><li>For Virtual Storage Console for VMware vSphere versions 5.0P1, 4.2.2 and earlier follow the steps in KB <a href=\"https://kb.netapp.com/support/index?page=content&amp;id=2026327\" target=\"_blank\">2026327</a>.</li><li>FAS/V-Series Storage Replication Adapter for Clustered &amp; 7mode Data ONTAP - to use exclusively TLS, an upgrade to SRM 6.0 is required along with enabling SSL communication using KB <a href=\"https://kb.netapp.com/support/index?page=content&amp;id=1012531\" target=\"_blank\">1012531 </a>.</li></ul>","ntap_advisory_id":"NTAP-20141015-0001","adv_id":"ntap-20141015-0001","published_date":"2014-10-15T00:00:00","updated_date":"2019-10-21T00:00:00","inserted_date":"2025-05-27T05:01:19.616000","modified_date":null}}