{"status":"success","advisory":{"_id":"683547205b16347a91c39c72","kb_acknowledgements":null,"kb_affected_list":["Cluster Network Switch (NetApp CN1610)","Data ONTAP Edge","Data ONTAP operating in 7-Mode","ONTAP 9","OnCommand Balance","StorageGRID (formerly StorageGRID Webscale)"],"kb_bad_data":false,"kb_cve":["CVE-2016-0777","CVE-2016-0778"],"kb_exploitation":"Public","kb_fixes":[{"product":"Cluster Network Switch (NetApp CN1610)","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/NetApp/cn1610cm/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"ONTAP 9","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.2.4P3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Data ONTAP Edge","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2630722.html"},{"product":"Data ONTAP operating in 7-Mode","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.2.4P3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Balance","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMP1655122.html"},{"product":"StorageGRID (formerly StorageGRID Webscale)","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/storagegrid/downloads-tab/download/61023/10.3","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/storagegrid/downloads-tab/download/61023/11.0","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Exploitation of these vulnerabilities may lead to a denial of service or the unauthorized disclosure of information including private keys under some circumstances.","kb_internal_notes":[{"burt":"981365","jira":"","product":"Cluster Network Switch (NetApp CN1610)"},{"burt":"981366","jira":"","product":"Data ONTAP Edge"},{"burt":"981367","jira":"","product":"Data ONTAP operating in 7-Mode"},{"burt":"981374","jira":"","product":"FAS/AFF Service Processor - 8080/8060/8040/8020"},{"burt":"981368","jira":"","product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above"},{"burt":"981363","jira":"","product":"ONTAP 9"},{"burt":"981369","jira":"","product":"OnCommand Balance"},{"burt":"981370","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"981371","jira":"","product":"OnCommand Unified Manager for Clustered Data ONTAP"},{"burt":"981372","jira":"","product":"Perfstat"},{"burt":"981376","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"},{"burt":"981375","jira":"","product":"StorageGRID9 (9.x and prior)"}],"kb_investigating_list":[],"kb_num":"9010059","kb_ref":["http://www.openssh.com/security.html","https://www.kb.cert.org/vuls/id/456088","https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0777","https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0778"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20160126","version":"1.0"},{"comment":"Clustered Data ONTAP & Data ONTAP Edge moved to Affected Products","date":"20160201","version":"2.0"},{"comment":"StorageGRID moved to Products Not Affected; StorageGRID Webscale moved to Affected Products and added to Software Version and Fixes","date":"20160202","version":"3.0"},{"comment":"OnCommand Balance moved to Affected Products","date":"20160204","version":"4.0"},{"comment":"Cluster Network/Management Switches (Cisco) moved to Affected Products","date":"20160219","version":"5.0"},{"comment":"OnCommand Unified Manager for Clustered Data ONTAP (6.x) moved to Products Not Affected;Data ONTAP operating in 7-Mode & Cluster Network/Management Switches (NetApp) moved to Affected Products","date":"20160301","version":"6.0"},{"comment":"Clustered Data ONTAP & Data ONTAP operating in 7-Mode added to Software Versions and Fixes","date":"20160406","version":"7.0"},{"comment":"Perfstat moved to Products Not Affected; Formatting","date":"20160906","version":"8.0"},{"comment":"Updated Workarounds and Software Version and Fixes for StorageGRID Webscale","date":"20160913","version":"9.0"},{"comment":"OnCommand Unified Manager Core Package (5.x) moved to Products Not Affected, Fibre Channel Switch (Cisco MDS) moved to Affected Products","date":"20161223","version":"10.0"},{"comment":"OnCommand Balance moved to Won't Fix status","date":"20180122","version":"11.0"},{"comment":"Cluster Network Switch (NetApp CN1610) added to Software Versions and Fixes","date":"20180823","version":"12.0"},{"comment":"Data ONTAP Edge moved to Won't Fix status, Final status","date":"20180904","version":"13.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2016-0777":"CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:U/RC:C","CVE-2016-0778":"CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:U/RC:C"},"kb_scoring_calc":[{"cve_id":"CVE-2016-0777","range":"MEDIUM","score":4.0,"vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:U/RC:C"},{"cve_id":"CVE-2016-0778","range":"MEDIUM","score":6.5,"vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:U/RC:C"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate the OpenSSH software libraries. OpenSSH versions between 5.4 and 7.1 are susceptible to vulnerabilities that may be exploited to cause a denial of service or obtain sensitive information. NetApp is investigating which products use affected versions of OpenSSH. This advisory will be updated as additional information becomes available.","kb_title":"January 2016 OpenSSH Vulnerabilities in Multiple NetApp Products","kb_unaffected_list":["Brocade Fabric Operating System Firmware","E-Series SANtricity Unified Manager and Web Services Proxy","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Service Processor - 8080/8060/8040/8020","MetroCluster Tiebreaker","NetApp Console Agent","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SMI-S Provider","NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","ONTAP Antivirus Connector","OnCommand Insight","OnCommand Unified Manager Core Package","OnCommand Unified Manager for Clustered Data ONTAP","Perfstat","SAN Host Utilities for Linux","SAN Host Utilities for Windows","Single Mailbox Recovery","SnapCenter","StorageGRID9 (9.x and prior)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20160126-0001","adv_id":"ntap-20160126-0001","published_date":"2016-01-26T00:00:00","updated_date":"2018-09-04T00:00:00","inserted_date":"2026-05-11T19:53:08.111000","modified_date":null}}