{"status":"success","advisory":{"_id":"6835471f5b16347a91c39c41","kb_acknowledgements":null,"kb_affected_list":["Brocade Data Center Fabric Manager Professional Software","Brocade Fabric Operating System Firmware","Brocade Network Advisor Software","Cluster Network Switch (NetApp CN1610)","Clustered Data ONTAP","NetApp Host Agent","NetApp SMI-S Provider","NetApp VTL","OnCommand Balance","OnCommand Report","OnCommand Unified Manager Core Package","OnCommand Unified Manager Host Package","OnCommand Workflow Automation","Open Systems SnapVault Agent","RapidData Migration Solution","StorageGRID9 (9.x and prior)"],"kb_bad_data":false,"kb_cve":["CVE-2014-3513","CVE-2014-3567","CVE-2014-3568"],"kb_exploitation":"Public","kb_fixes":[{"product":"OnCommand Unified Manager Host Package","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://library-clnt.dmz.netapp.com/info/communications/ECMP1400690.html"},{"product":"OnCommand Unified Manager Core Package","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/occore_win/5.2.1P1/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/occore_lin/5.2.1P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp VTL","fixes":[],"instructions":null,"wontfix":true,"eos_link":"mysupport.netapp.com/info/eoa/df_eoa_category_page.html?category=Platforms#ECMLP2562710"},{"product":"NetApp SMI-S Provider","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/smis/Windows/5.2.1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/smis/Linux/5.2.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Host Agent","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMLP2512371.html"},{"product":"Open Systems SnapVault Agent","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/snapvault_oss/aix/3.0.1P6/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/snapvault_oss/hpux/3.0.1P6/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/snapvault_oss/linux/3.0.1P6/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/snapvault_oss/sol/3.0.1P6/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/snapvault_oss/solx86/3.0.1P6/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/snapvault_oss/esx/3.0.1P6/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/snapvault_oss/win2003/3.0.1P6/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/snapvault_oss/win2008/3.0.1P6/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Clustered Data ONTAP","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.3.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Brocade Fabric Operating System Firmware","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/Brocade/ (7.4.0)","cves":[]},{"link":"https://www.brocadeassist.com/public/NetAppRelease (6.0.1)","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Balance","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_ib/4.2P2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Brocade Data Center Fabric Manager Professional Software","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2850034.html"},{"product":"OnCommand Report","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMP1397557.html"},{"product":"RapidData Migration Solution","fixes":[],"instructions":null,"wontfix":true,"eos_link":null},{"product":"Cluster Network Switch (NetApp CN1610)","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/NetApp/cn1610cm/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Workflow Automation","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ocwfa/3.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"StorageGRID9 (9.x and prior)","fixes":[],"instructions":null,"wontfix":true,"eos_link":null}],"kb_impact":"Exploitation of this vulnerability may lead to unauthorized disclosure of information.","kb_internal_notes":[{"burt":"860853","jira":"","product":"Brocade Data Center Fabric Manager Professional Software"},{"burt":"860849","jira":"","product":"Brocade Fabric Operating System Firmware"},{"burt":"860850","jira":"","product":"Brocade Fabric Operating System Firmware"},{"burt":"860851","jira":"","product":"Brocade Network Advisor Software"},{"burt":"860866","jira":"","product":"Cluster Network Switch (NetApp CN1610)"},{"burt":"860871","jira":"","product":"Clustered Data ONTAP"},{"burt":"860874","jira":"","product":"Clustered Data ONTAP"},{"burt":"860859","jira":"","product":"Clustered Data ONTAP Antivirus Connector"},{"burt":"860882","jira":"","product":"Data ONTAP Edge"},{"burt":"860878","jira":"","product":"Data ONTAP operating in 7-Mode"},{"burt":"860869","jira":"","product":"FlashRay"},{"burt":"860861","jira":"","product":"NetApp Host Agent"},{"burt":"860858","jira":"","product":"NetApp Manageability SDK"},{"burt":"860875","jira":"","product":"NetApp SMI-S Provider"},{"burt":"860879","jira":"","product":"NetApp Storage Encryption"},{"burt":"860883","jira":"","product":"NetApp VTL"},{"burt":"860860","jira":"","product":"OnCommand Balance"},{"burt":"860872","jira":"","product":"OnCommand Performance Manager (Unified Manager Performance Pkg)"},{"burt":"860870","jira":"","product":"OnCommand Report"},{"burt":"860862","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"860868","jira":"","product":"OnCommand Unified Manager Host Package"},{"burt":"860884","jira":"","product":"OnCommand Workflow Automation"},{"burt":"860864","jira":"","product":"Open Systems SnapVault Agent"},{"burt":"860857","jira":"","product":"RapidData Migration Solution"},{"burt":"860847","jira":"","product":"Service Processor"},{"burt":"860873","jira":"","product":"SnapDrive for Unix"},{"burt":"860876","jira":"","product":"SnapDrive for Windows"},{"burt":"860877","jira":"","product":"SnapProtect"},{"burt":"860880","jira":"","product":"StorageGRID9 (9.x and prior)"}],"kb_investigating_list":[],"kb_num":"9010009","kb_ref":["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3513","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3567","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3568","https://www.openssl.org/news/secadv_20141015.txt","https://www.openssl.org/news/vulnerabilities.html"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20141015","version":"1.0"},{"comment":"Updated Products Under Investigation, Affected Products, and Products Not Affected; formatting","date":"20141024","version":"2.0"},{"comment":"Updated Affected Products","date":"20141111","version":"3.0"},{"comment":"Updated Affected Products","date":"20141112","version":"4.0"},{"comment":"Updated Affected Products & Products Not Affected","date":"20141118","version":"5.0"},{"comment":"Updated Products Not Affected","date":"20141201","version":"6.0"},{"comment":"Updated Software Versions and Fixes","date":"20141223","version":"7.0"},{"comment":"Updated Affected Products & Software Versions and Fixes","date":"20150115","version":"8.0"},{"comment":"Updated Affected Products, Products Not Affected, & title; removed Brocade DCFM products due to EOS; updated products names where necessary","date":"20150203","version":"9.0"},{"comment":"Updated Affected Products & Software Versions and Fixes","date":"20150212","version":"10.0"},{"comment":"Corrected ID link","date":"20150217","version":"11.0"},{"comment":"Updated Affected Products","date":"20150227","version":"12.0"},{"comment":"Updated Software Versions and Fixes","date":"20150326","version":"13.0"},{"comment":"Corrected a bug id","date":"20150617","version":"14.0"},{"comment":"Updated Products Not Affected","date":"20150619","version":"15.0"},{"comment":"Added Cluster Network/Management Switches (NetApp) to Software Versions and Fixes","date":"20150626","version":"16.0"},{"comment":"OnCommand Unified Manager Core Package (5.x) updated for a fix in Software Versions and Fixes","date":"20150721","version":"17.0"},{"comment":"OnCommand Unified Manager Host Package added to Software Versions and Fixes","date":"20150828","version":"18.0"},{"comment":"Clustered Data ONTAP added to Software Versions and Fixes","date":"20150911","version":"19.0"},{"comment":"Data ONTAP SMI-S Agent & NetApp Host Agent added to Software Versions and Fixes","date":"20150917","version":"20.0"},{"comment":"Netapp Storage Encryption was re-assessed as not affected and was moved to Products Not Affected","date":"20151222","version":"21.0"},{"comment":"Fibre Channel Switch (Cisco), Cisco MDS & Cisco Nexus 5k/6k moved to Products Not Affected","date":"20150126","version":"22.0"},{"comment":"Brocade Network Advisor Software moved to Affected Products & added to Software Versions and Fixes","date":"20160301","version":"23.0"},{"comment":"Brocade Fabric Operating System Firmware and Brocade Network Operating System Firmware moved to Affected Products & added to Software Versions and Fixes, Fibre Channel Switch (Brocade) removed as separate item due to coverage under Brocade Fabric Operating System Firmware, StorageGRID moved to Affected Products & added to Software Versions and Fixes; Storage Management Initiative Specification (SMI-S) Providers for E-Series moved to Products Not Affected; Final status","date":"20161213","version":"24.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2014-3513":"CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C","CVE-2014-3567":"CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:U/RC:C","CVE-2014-3568":"CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:U/RC:C"},"kb_scoring_calc":[{"cve_id":"CVE-2014-3513","range":"MEDIUM","score":4.3,"vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-3567","range":"LOW","score":3.9,"vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:U/RC:C"},{"cve_id":"CVE-2014-3568","range":"LOW","score":2.6,"vector":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:U/RC:C"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate the OpenSSL software libraries to provide cryptographic capabilities. OpenSSL versions through 1.0.1i are susceptible to memory leaks caused by carefully crafted handshake messages or a large number of invalid session tickets that could be exploited to cause a Denial of Service attack. Additionally, OpenSSL servers and clients will complete SSLv3 handshakes even when compiled with the \"no-ssl3\" build option. NetApp is investigating which products use affected versions of OpenSSL.","kb_title":"October 2014 OpenSSL Vulnerabilities in Multiple NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Cloud Manager","Clustered Data ONTAP Antivirus Connector","Data ONTAP Edge","Data ONTAP operating in 7-Mode","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","FlashRay","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","NetApp Cloud Backup (formerly AltaVault)","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp Storage Encryption","OnCommand Insight","OnCommand Performance Manager (Unified Manager Performance Pkg)","Service Processor","Single Mailbox Recovery","Snap Creator Framework","SnapDrive for Unix","SnapDrive for Windows","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","SnapManager for Sharepoint","SnapProtect","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","System Manager 9.x"],"kb_workarounds":"","ntap_advisory_id":"NTAP-20141015-0002","adv_id":"ntap-20141015-0002","published_date":"2014-10-15T00:00:00","updated_date":"2016-12-13T00:00:00","inserted_date":"2025-05-27T05:01:19.634000","modified_date":null}}