{"status":"success","advisory":{"_id":"683547205b16347a91c39c5e","kb_acknowledgements":null,"kb_affected_list":["Cluster Network Switch (NetApp CN1610)","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","Data ONTAP Edge","Data ONTAP operating in 7-Mode","FlashRay","NetApp Cloud Backup (formerly AltaVault)","NetApp Host Agent","NetApp Manageability SDK","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","OnCommand Balance","OnCommand Report","OnCommand Unified Manager Core Package","OnCommand Unified Manager Host Package","OnCommand Workflow Automation","Open Systems SnapVault Agent","Remote Support Diagnostics Tool","Service Processor","SnapDrive for Windows","SnapProtect"],"kb_bad_data":false,"kb_cve":["CVE-2015-4000","CVE-2015-1788","CVE-2015-1789","CVE-2015-1790","CVE-2015-1792","CVE-2015-1791","CVE-2014-8176"],"kb_exploitation":"Public","kb_fixes":[{"product":"OnCommand Unified Manager Core Package","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/occore_win/5.2.3/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/occore_lin/5.2.3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Manageability SDK","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/nmsdk/5.5/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Unified Manager Host Package","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://library-clnt.dmz.netapp.com/info/communications/ECMP1400690.html"},{"product":"FlashRay","fixes":[],"instructions":null,"wontfix":true,"eos_link":"n/a"},{"product":"SnapDrive for Windows","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/snapdrive_win/7.1.4/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp SANtricity SMI-S Provider","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/santricity_smis_provider/10.34/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapProtect","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2426797.html"},{"product":"NetApp SMI-S Provider","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/smis/Windows/5.2.3/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/smis/Linux/5.2.3/","cves":[]},{"link":"https://mysupport.netapp.com/products/smis/5.2.5/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Remote Support Diagnostics Tool","fixes":[],"instructions":null,"wontfix":true,"eos_link":null},{"product":"Open Systems SnapVault Agent","fixes":[{"link":"https://support.netapp.com/NOW/download/software/snapvault_oss/win2003/3.0.1P8","cves":[]},{"link":"https://support.netapp.com/NOW/download/software/snapvault_oss/win2008/3.0.1P8","cves":[]},{"link":"https://support.netapp.com/NOW/download/software/snapvault_oss/linux/3.0.1P8","cves":[]},{"link":"https://support.netapp.com/NOW/download/software/snapvault_oss/solx86/3.0.1P8","cves":[]},{"link":"https://support.netapp.com/NOW/download/software/snapvault_oss/sol/3.0.1P8","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Clustered Data ONTAP","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.3.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Host Agent","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMLP2512371.html"},{"product":"OnCommand Balance","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/oncommand_ib/4.2.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Service Processor","fixes":[],"instructions":null,"wontfix":true,"eos_link":null},{"product":"OnCommand Report","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMP1397557.html"},{"product":"Clustered Data ONTAP Antivirus Connector","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap_av_connector/1.0.3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Cluster Network Switch (NetApp CN1610)","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/NetApp/cn1610cm/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Data ONTAP Edge","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.3.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Workflow Automation","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ocwfa/3.1P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Data ONTAP operating in 7-Mode","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.2.5/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Cloud Backup (formerly AltaVault)","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/altavault_virtualapp/4.1.1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/altavault_phyapp/4.1.1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/altavault_ava800/4.1.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Exploitation of these vulnerabilities may lead to a Denial of Service (DoS).","kb_internal_notes":[{"burt":"923537","jira":"","product":"Cluster Network Switch (NetApp CN1610)"},{"burt":"923544","jira":"","product":"Clustered Data ONTAP"},{"burt":"923530","jira":"","product":"Clustered Data ONTAP Antivirus Connector"},{"burt":"923550","jira":"","product":"Data ONTAP Edge"},{"burt":"923548","jira":"","product":"Data ONTAP operating in 7-Mode"},{"burt":"923539","jira":"","product":"FlashRay"},{"burt":"","jira":"","product":"NetApp Cloud Backup (formerly AltaVault)"},{"burt":"923533","jira":"","product":"NetApp Host Agent"},{"burt":"923529","jira":"","product":"NetApp Manageability SDK"},{"burt":"","jira":"","product":"NetApp SANtricity SMI-S Provider"},{"burt":"923545","jira":"","product":"NetApp SMI-S Provider"},{"burt":"923542","jira":"","product":"NetApp Storage Encryption"},{"burt":"923551","jira":"","product":"NetApp VTL"},{"burt":"923531","jira":"","product":"OnCommand Balance"},{"burt":"923541","jira":"","product":"OnCommand Performance Manager (Unified Manager Performance Pkg)"},{"burt":"923540","jira":"","product":"OnCommand Report"},{"burt":"923534","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"923538","jira":"","product":"OnCommand Unified Manager Host Package"},{"burt":"923552","jira":"","product":"OnCommand Workflow Automation"},{"burt":"923536","jira":"","product":"Open Systems SnapVault Agent"},{"burt":"","jira":"","product":"Remote Support Diagnostics Tool"},{"burt":"923558","jira":"","product":"Service Processor"},{"burt":"923543","jira":"","product":"SnapDrive for Unix"},{"burt":"923546","jira":"","product":"SnapDrive for Windows"},{"burt":"923547","jira":"","product":"SnapProtect"}],"kb_investigating_list":[],"kb_num":"9010038","kb_ref":["https://www.openssl.org/news/vulnerabilities.html","https://www.openssl.org/news/secadv_20150611.txt","https://www.openssl.org/news/openssl-1.0.2-notes.html","https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000","https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1788","https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1789","https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1790","https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1792","https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1791","https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8176"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20150616","version":"1.0"},{"comment":"Updated Affected Products & Products Not Affected","date":"20150617","version":"2.0"},{"comment":"Updated Affected Products","date":"20150618","version":"3.0"},{"comment":"Updated Affected Products","date":"20150623","version":"4.0"},{"comment":"OnCommand Performance Manager (Unified Manager Performance Pkg) moved to Products Not Affected; FlashRay & NetApp Manageability SDK moved to Affected Products","date":"20150709","version":"5.0"},{"comment":"Clustered Data ONTAP & Data ONTAP Edge moved to Affected Products","date":"20150727","version":"6.0"},{"comment":"OnCommand Workflow Automation for Windows added to Software Versions and Fixes","date":"20151030","version":"7.0"},{"comment":"OnCommand Workflow Automation Linux removed from Software Versions and Fixes as it does not incorporate the OpenSSL software libraries","date":"20151102","version":"8.0"},{"comment":"NetApp Storage Encryption moved to Products Not Affected; Open Systems SnapVault Agent moved to Affected Products","date":"20151222","version":"9.0"},{"comment":"OnCommand Unified Manager Host Package removed; Clustered Data ONTAP Antivirus Connector & Storage Management Initiative Specification (SMI-S) Providers for E-Series moved to Affected Products","date":"20160126","version":"10.0"},{"comment":"Storage Management Initiative Specification (SMI-S) Providers for E-Series added to Software Versions and Fixes","date":"20160202","version":"11.0"},{"comment":"Data ONTAP operating in 7-Mode moved to Affected Products","date":"20160216","version":"12.0"},{"comment":"Clustered Data ONTAP, Data ONTAP Edge added to Software Versions and Fixes","date":"20160315","version":"13.0"},{"comment":"NetApp AltaVault added to Software Versions and Fixes","date":"20160503","version":"14.0"},{"comment":"NetApp Manageability SDK added to Software Versions and Fixes","date":"20160628","version":"15.0"},{"comment":"FlashRay, OnCommand Report & Remote Support Diagnostics Tool removed due to EOL and EOS","date":"20160811","version":"16.0"},{"comment":"SnapDrive for Unix, NetApp Host Agent, Clustered Data ONTAP Antivirus Connector added to Software Versions and Fixes","date":"20160831","version":"17.0"},{"comment":"SnapDrive for Windows moved to Affected Products","date":"20161117","version":"18.0"},{"comment":"NetApp SMI-S Provider added to Software Versions and Fixes","date":"20161206","version":"19.0"},{"comment":"SnapDrive for Windows added to Software Versions and Fixes","date":"20161223","version":"20.0"},{"comment":"Cluster Network Switch (NetApp CN1610) moved to Affected Products","date":"20170124","version":"21.0"},{"comment":"Open Systems SnapVault Agent added to Software Versions and Fixes","date":"20170228","version":"22.0"},{"comment":"Data ONTAP operating in 7-Mode added to Software Versions and Fixes","date":"20170815","version":"23.0"},{"comment":"OnCommand Balance added to Software Versions and Fixes","date":"20180122","version":"24.0"},{"comment":"OnCommand Unified Manager for 7-Mode (core package) added to Software Versions and Fixes","date":"20180621","version":"25.0"},{"comment":"Cluster Network Switch (NetApp CN1610) added to Software Versions and Fixes","date":"20180823","version":"26.0"},{"comment":"SnapProtect moved to Won't Fix status","date":"20190531","version":"27.0"},{"comment":"NetApp SMI-S Provider added to Software Versions and Fixes, Final status","date":"20190724","version":"28.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2014-8176":"CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C","CVE-2015-1788":"CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C","CVE-2015-1789":"CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C","CVE-2015-1790":"CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C","CVE-2015-1791":"CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C","CVE-2015-1792":"CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C","CVE-2015-4000":"CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:C"},"kb_scoring_calc":[{"cve_id":"CVE-2014-8176","range":"MEDIUM","score":6.4,"vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2015-1788","range":"LOW","score":3.7,"vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2015-1789","range":"LOW","score":3.7,"vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2015-1790","range":"MEDIUM","score":4.3,"vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2015-1791","range":"MEDIUM","score":5.8,"vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2015-1792","range":"MEDIUM","score":4.3,"vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C"},{"cve_id":"CVE-2015-4000","range":"LOW","score":3.7,"vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:C"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate the OpenSSL software libraries to provide cryptographic capabilities. OpenSSL versions below 1.0.2b, 1.0.1n, 1.0.0s and 0.9.8zg are susceptible to vulnerabilities that could lead to a Denial of Service attack. NetApp is investigating which products use affected versions of OpenSSL. This advisory will be updated as additional information becomes available.","kb_title":"June 2015 OpenSSL Vulnerabilities in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","NetApp NFS Plug-in for VMware VAAI","NetApp Storage Encryption","NetApp VTL","OnCommand Insight","OnCommand Performance Manager (Unified Manager Performance Pkg)","Single Mailbox Recovery","Snap Creator Framework","SnapDrive for Unix","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","SnapManager for Sharepoint","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID9 (9.x and prior)","System Manager 9.x"],"kb_workarounds":"None.","ntap_advisory_id":"NTAP-20150616-0001","adv_id":"ntap-20150616-0001","published_date":"2015-06-16T00:00:00","updated_date":"2019-07-24T00:00:00","inserted_date":"2025-05-27T05:01:20.101000","modified_date":null}}