{"status":"success","advisory":{"_id":"6835471f5b16347a91c39c53","kb_acknowledgements":null,"kb_affected_list":["Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","Data ONTAP Edge","Data ONTAP operating in 7-Mode","NetApp Host Agent","NetApp Manageability SDK","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp VTL","OnCommand Balance","OnCommand Report","OnCommand Unified Manager Core Package","OnCommand Unified Manager Host Package","OnCommand Workflow Automation","Open Systems SnapVault Agent","Service Processor","SnapDrive for Unix","SnapDrive for Windows","SnapProtect","StorageGRID9 (9.x and prior)"],"kb_bad_data":false,"kb_cve":["CVE-2014-3571","CVE-2015-0206","CVE-2015-0205","CVE-2014-3570","CVE-2015-0204","CVE-2014-3572","CVE-2014-8275","CVE-2014-3569"],"kb_exploitation":"Public","kb_fixes":[{"product":"NetApp Manageability SDK","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/nmsdk/5.3.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Unified Manager Host Package","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://library-clnt.dmz.netapp.com/info/communications/ECMP1400690.html"},{"product":"OnCommand Unified Manager Core Package","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/occore_win/5.2.1P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/occore_lin/5.2.1P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapDrive for Windows","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_win/7.1.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp SANtricity SMI-S Provider","fixes":[{"link":"https://kb.netapp.com/support/index?page=content&id=1015347","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapDrive for 
Unix","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_redhatlinux/5.3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp SMI-S Provider","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/smis/Windows/5.2.1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/smis/Linux/5.2.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp VTL","fixes":[],"instructions":null,"wontfix":true,"eos_link":"mysupport.netapp.com/info/eoa/df_eoa_category_page.html?category=Platforms#ECMLP2562710"},{"product":"OnCommand Workflow Automation","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ocwfa/3.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Open Systems SnapVault Agent","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/aix/3.0.1P7/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/hpux/3.0.1P7/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/linux/3.0.1P7/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/sol/3.0.1P7/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/solx86/3.0.1P7/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/esx/3.0.1P7/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/win2003/3.0.1P7/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/snapvault_oss/win2008/3.0.1P7/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Clustered Data ONTAP","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.3.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Host 
Agent","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMLP2512371.html"},{"product":"OnCommand Balance","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_ib/4.2P4/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Service Processor","fixes":[],"instructions":null,"wontfix":true,"eos_link":null},{"product":"OnCommand Report","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMP1397557.html"},{"product":"Clustered Data ONTAP Antivirus Connector","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap_av_connector/1.0.3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Data ONTAP Edge","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap_edge_cmode/8.3.1.131/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapProtect","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapprotect/11.0SP4/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"StorageGRID9 (9.x and prior)","fixes":[{"link":"https://kb.netapp.com/support/index?page=content&id=1014874","cves":[]}],"instructions":"Apply Novell SLES security patches.","wontfix":false,"eos_link":null},{"product":"Data ONTAP operating in 7-Mode","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.2.4/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Exploitation of these vulnerabilities may lead to a client authenticating without the use of a private key, a Denial of Service attack, a NULL pointer dereference, removal of the forward secrecy from the cipher suite, a downgrading of the security of a session, as well as modification of a certificate's fingerprint.","kb_internal_notes":[{"burt":"879629","jira":"","product":"Cluster Network Switch (NetApp 
CN1610)"},{"burt":"879636","jira":"","product":"Clustered Data ONTAP"},{"burt":"879623","jira":"","product":"Clustered Data ONTAP Antivirus Connector"},{"burt":"879644","jira":"","product":"Data ONTAP Edge"},{"burt":"879640","jira":"","product":"Data ONTAP operating in 7-Mode"},{"burt":"879632","jira":"","product":"FlashRay"},{"burt":"879625","jira":"","product":"NetApp Host Agent"},{"burt":"879622","jira":"","product":"NetApp Manageability SDK"},{"burt":"","jira":"","product":"NetApp SANtricity SMI-S Provider"},{"burt":"879637","jira":"","product":"NetApp SMI-S Provider"},{"burt":"879641","jira":"","product":"NetApp Storage Encryption"},{"burt":"879645","jira":"","product":"NetApp VTL"},{"burt":"879624","jira":"","product":"OnCommand Balance"},{"burt":"879634","jira":"","product":"OnCommand Performance Manager (Unified Manager Performance Pkg)"},{"burt":"879633","jira":"","product":"OnCommand Report"},{"burt":"879626","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"879627","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"879631","jira":"","product":"OnCommand Unified Manager Host Package"},{"burt":"879646","jira":"","product":"OnCommand Workflow Automation"},{"burt":"879628","jira":"","product":"Open Systems SnapVault Agent"},{"burt":"879621","jira":"","product":"Service Processor"},{"burt":"879635","jira":"","product":"SnapDrive for Unix"},{"burt":"879638","jira":"","product":"SnapDrive for Windows"},{"burt":"879639","jira":"","product":"SnapProtect"},{"burt":"879642","jira":"","product":"StorageGRID9 (9.x and 
prior)"}],"kb_investigating_list":[],"kb_num":"9010028","kb_ref":["https://www.openssl.org/news/vulnerabilities.html","http://openssl.org/news/secadv_20150108.txt","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3571","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0206","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0205","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3570","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3572","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8275","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3569"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20150205","version":"1.0"},{"comment":"Updated Affected Products","date":"20150211","version":"2.0"},{"comment":"Updated Affected Products & Software Versions and Fixes","date":"20150213","version":"3.0"},{"comment":"Updated Affected Products & Software Versions and Fixes","date":"20150217","version":"4.0"},{"comment":"Updated Software Versions and Fixes & Products Not Affected","date":"20150227","version":"5.0"},{"comment":"Updated Software Versions and Fixes","date":"20150320","version":"6.0"},{"comment":"Updated Software Versions and Fixes","date":"20150326","version":"7.0"},{"comment":"Updated Products Not Affected","date":"20150401","version":"8.0"},{"comment":"Updated Software Versions and Fixes","date":"20150409","version":"9.0"},{"comment":"Updated Software Versions and Fixes","date":"20150429","version":"10.0"},{"comment":"Updated Products Not Affected","date":"20150501","version":"11.0"},{"comment":"Updated Affected Products","date":"20150521","version":"12.0"},{"comment":"Updated Affected Products & Software Versions and Fixes","date":"20150528","version":"13.0"},{"comment":"Added StorageGRID to Products With Revised Vulnerability Status & Software Versions and Fixes","date":"20150626","version":"14.0"},{"comment":"OnCommand 
Unified Manager Core Package (5.x) added to Software Versions and Fixes","date":"20150721","version":"15.0"},{"comment":"OnCommand Unified Manager Host Package added to Software Versions and Fixes","date":"20150828","version":"16.0"},{"comment":"Clustered Data ONTAP added to Software Versions and Fixes","date":"20150911","version":"17.0"},{"comment":"Data ONTAP SMI-S Agent & OnCommand Report added to Software Versions and Fixes","date":"20150917","version":"18.0"},{"comment":"SnapDrive for UNIX (SDU) and SnapDrive for Windows added to Software Versions and Fixes","date":"20151029","version":"19.0"},{"comment":"Data ONTAP Edge & Storage Management Initiative Specification (SMI-S) Providers for E-Series added to Software Versions and Fixes","date":"20160216","version":"20.0"},{"comment":"Data ONTAP operating in 7-Mode, SnapProtect added to Software Versions and Fixes; Remote Support Diagnostics Tool removed due to EOS","date":"20160811","version":"21.0"},{"comment":"NetApp Host Agent and Clustered Data ONTAP Antivirus Connector added to Software Versions and Fixes; Final 
status","date":"20160831","version":"22.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2014-3569":"CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C","CVE-2014-3570":"CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C","CVE-2014-3571":"CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C","CVE-2014-3572":"CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C","CVE-2014-8275":"CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C","CVE-2015-0204":"CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C","CVE-2015-0205":"CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:N/A:N/E:U/RL:U/RC:C","CVE-2015-0206":"CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},"kb_scoring_calc":[{"cve_id":"CVE-2014-3569","range":"MEDIUM","score":4.3,"vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-3570","range":"LOW","score":2.2,"vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-3571","range":"MEDIUM","score":4.3,"vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-3572","range":"LOW","score":2.2,"vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C"},{"cve_id":"CVE-2014-8275","range":"LOW","score":2.2,"vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C"},{"cve_id":"CVE-2015-0204","range":"LOW","score":2.2,"vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C"},{"cve_id":"CVE-2015-0205","range":"LOW","score":1.8,"vector":"AV:N/AC:H/Au:S/C:P/I:N/A:N/E:U/RL:U/RC:C"},{"cve_id":"CVE-2015-0206","range":"MEDIUM","score":4.3,"vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate the OpenSSL software libraries to provide cryptographic capabilities. 
OpenSSL versions below 1.0.1k, 1.0.0p and 0.9.8zd are susceptible to vulnerabilities that could lead to a client authenticating without the use of a private key, a Denial of Service attack, a NULL pointer dereference, removal of the forward secrecy from the cipher suite, a downgrading of the security of a session, or modification of a certificate's fingerprint. NetApp is investigating which products use affected versions of OpenSSL. This advisory will be updated as additional information becomes available.","kb_title":"January 2015 OpenSSL Vulnerabilities in Multiple NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","Cluster Network Switch (NetApp CN1610)","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","FlashRay","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","NetApp Cloud Backup (formerly AltaVault)","NetApp NFS Plug-in for VMware VAAI","NetApp Storage Encryption","OnCommand Insight","OnCommand Performance Manager (Unified Manager Performance Pkg)","Single Mailbox Recovery","Snap Creator Framework","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","SnapManager for Sharepoint","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","System Manager 9.x"],"kb_workarounds":"None.","ntap_advisory_id":"NTAP-20150205-0001","adv_id":"ntap-20150205-0001","published_date":"2015-02-05T00:00:00","updated_date":"2016-08-31T00:00:00","inserted_date":"2025-05-27T05:01:19.916000","modified_date":null}}