{"status":"success","advisory":{"_id":"683547215b16347a91c39caa","kb_acknowledgements":null,"kb_affected_list":["Cluster Network Switch (NetApp CN1610)","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","Data ONTAP operating in 7-Mode","Management Network Switch (NetApp CN1601)","NetApp Cloud Backup (formerly AltaVault)","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp Host Agent","NetApp SMI-S Provider","NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)","OnCommand Unified Manager Core Package","OnCommand Workflow Automation","Open Systems SnapVault Agent","SnapCenter","SnapDrive for Unix","SnapDrive for Windows","SnapProtect","StorageGRID9 (9.x and prior)"],"kb_bad_data":false,"kb_cve":["CVE-2017-3732","CVE-2017-3731","CVE-2017-3730","CVE-2016-7055"],"kb_exploitation":"Public","kb_fixes":[{"product":"OnCommand Unified Manager Core Package","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/occore_win/5.2.3/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/occore_lin/5.2.3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapCenter","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/snapcenter/4.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapDrive for Windows","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/snapdrive_win/7.1.4P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapDrive for Unix","fixes":[{"link":"https://mysupport.netapp.com/NOW/cgi-bin/license.cgi/download/software/snapdrive_redhatlinux/5.3.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp SMI-S Provider","fixes":[{"link":"https://mysupport.netapp.com/products/smis/5.2.5/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapProtect","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2426797.html"},{"product":"Open Systems SnapVault Agent","fixes":[{"link":"https://support.netapp.com/NOW/download/software/snapvault_oss/win2003/3.0.1P8","cves":[]},{"link":"https://support.netapp.com/NOW/download/software/snapvault_oss/win2008/3.0.1P8","cves":[]},{"link":"https://support.netapp.com/NOW/download/software/snapvault_oss/linux/3.0.1P8","cves":[]},{"link":"https://support.netapp.com/NOW/download/software/snapvault_oss/solx86/3.0.1P8","cves":[]},{"link":"https://support.netapp.com/NOW/download/software/snapvault_oss/sol/3.0.1P8","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Clustered Data ONTAP","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/ontap/9.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Host Agent","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMLP2512371.html"},{"product":"StorageGRID9 (9.x and prior)","fixes":[{"link":"https://kb.netapp.com/app/answers/answer_view/a_id/1031896","cves":[]}],"instructions":"Update Package","wontfix":false,"eos_link":null},{"product":"Management Network Switch (NetApp CN1601)","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2838313.html"},{"product":"Clustered Data ONTAP Antivirus Connector","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/ontap_av_connector/1.0.4/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Cluster Network Switch (NetApp CN1610)","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/NetApp/cn1610cm","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Data ONTAP operating in 7-Mode","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.2.5/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)","fixes":[{"link":"https://mysupport.netapp.com/products/solidfire/11.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Workflow Automation","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/ocwfa/4.2/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/ocwfa_linux/4.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/altavault_ost_win/1.2.1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/altavault_ost_lin/1.2.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Cloud Backup (formerly AltaVault)","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/altavault_ava800/4.3.1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/altavault_phyapp/4.3.1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/altavault_virtualapp/4.3.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Exploitation of these vulnerabilities may lead to out-of-bound reads, process crashes, Denial of Service (DoS) attacks, or incorrect results.","kb_internal_notes":[{"burt":"1062261","jira":"","product":"Cluster Network Switch (NetApp CN1610)"},{"burt":"1062259","jira":"","product":"Clustered Data ONTAP"},{"burt":"1062258","jira":"","product":"Clustered Data ONTAP Antivirus Connector"},{"burt":"1062263","jira":"","product":"Data ONTAP operating in 7-Mode"},{"burt":"1460249","jira":"","product":"E-Series SANtricity OS Controller Software 11.x"},{"burt":"1062266","jira":"","product":"Management Network Switch (NetApp CN1601)"},{"burt":"1062268","jira":"","product":"NetApp Cloud Backup (formerly AltaVault)"},{"burt":"1062255","jira":"","product":"NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)"},{"burt":"1062267","jira":"","product":"NetApp Host Agent"},{"burt":"","jira":"","product":"NetApp SANtricity SMI-S Provider"},{"burt":"1062264","jira":"","product":"NetApp SMI-S Provider"},{"burt":"","jira":"SECURITY-275","product":"NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)"},{"burt":"1062269","jira":"","product":"NetApp Storage Encryption"},{"burt":"1062262","jira":"","product":"ONTAP Select Deploy administration utility"},{"burt":"1062270","jira":"","product":"OnCommand Balance"},{"burt":"1062271","jira":"","product":"OnCommand Performance Manager (Unified Manager Performance Pkg)"},{"burt":"1062272","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"1062273","jira":"","product":"OnCommand Unified Manager for Clustered Data ONTAP"},{"burt":"1062274","jira":"","product":"OnCommand Workflow Automation"},{"burt":"1062276","jira":"","product":"Open Systems SnapVault Agent"},{"burt":"1062278","jira":"","product":"Service Processor"},{"burt":"1062280","jira":"","product":"SnapCenter"},{"burt":"1062281","jira":"","product":"SnapDrive for Unix"},{"burt":"1062282","jira":"","product":"SnapDrive for Windows"},{"burt":"1062283","jira":"","product":"SnapProtect"},{"burt":"1125198","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"},{"burt":"1125196","jira":"","product":"StorageGRID9 (9.x and prior)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://www.openssl.org/news/secadv/20170126.txt"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20170127","version":"1.0"},{"comment":"NetApp Storage Encryption moved to Products Not Affected, Clustered Data ONTAP Antivirus Connector, NetApp AltaVault, SnapDrive for Windows, Open Systems SnapVault Agent and SnapDrive for Unix moved to Affected Products, updated the ONTAP workaround command to include the -interface flag","date":"20170207","version":"2.0"},{"comment":"SnapCenter Server, OnCommand Unified Manager Core Package (5.x) and OnCommand Workflow Automation moved to Affected Products, ONTAP Select Deploy administration tool moved to Products Not Affected, SnapCenter Plug-in for Microsoft SQL Server and SnapCenter Plug-in for Windows removed as they are now bundled with SnapCenter Server,","date":"20170214","version":"3.0"},{"comment":"Management Network Switch (NetApp CN1601) and Cluster Network Switch (NetApp CN1610) moved to Affected Products, SolidFire Element OS added to advisory under Products Under Investigation","date":"20170221","version":"4.0"},{"comment":"AltaVault OST Plug-in moved to Affected Products, OnCommand Unified Manager for Clustered Data ONTAP and OnCommand Performance Manager (Unified Manager Performance Pkg moved to Products Not Affected, Open Systems SnapVault Agent added to Software Versions and Fixes","date":"20170228","version":"5.0"},{"comment":"AltaVault OST Plug-in added to Software Versions and Fixes","date":"20170503","version":"6.0"},{"comment":"NetApp AltaVault added to Software Versions and Fixes","date":"20170510","version":"7.0"},{"comment":"Data ONTAP operating in 7-Mode moved to Affected Products and added to Software Versions and Fixes","date":"20170808","version":"6.0"},{"comment":"Management Network Switch (NetApp CN1601) moved to Won't Fix status https://mysupport.netapp.com/info/communications/ECMLP2838313.html","date":"20171109","version":"7.0"},{"comment":"After additional review, StorageGRID Webscale and StorageGRID moved to Products Under Investigation","date":"20171114","version":"8.0"},{"comment":"Clustered Data ONTAP added to Software Versions and Fixes","date":"20171205","version":"9.0"},{"comment":"StorageGRID moved to Affected Products","date":"20171212","version":"10.0"},{"comment":"SnapDrive for Windows and SnapCenter Server added to Software Versions and Fixes","date":"20180118","version":"11.0"},{"comment":"OnCommand Balance moved to Won't Fix status","date":"20180119","version":"12.0"},{"comment":"StorageGRID Webscale moved to Products not Affected","date":"20180327","version":"13.0"},{"comment":"OnCommand Workflow Automation added to Software Versions and Fixes","date":"20180419","version":"14.0"},{"comment":"StorageGRID added to Software Versions and Fixes","date":"20180601","version":"15.0"},{"comment":"OnCommand Unified Manager for 7-Mode (core package) added to Software Versions and Fixes","date":"20180621","version":"16.0"},{"comment":"NetApp SMI-S Provider moved to Affected Products","date":"20180706","version":"17.0"},{"comment":"Clustered Data ONTAP Antivirus Connector added to Software Versions and Fixes","date":"20180803","version":"18.0"},{"comment":"Cluster Network Switch (NetApp CN1610) added to Software Versions and Fixes","date":"20180823","version":"19.0"},{"comment":"NetApp Host Agent moved to Won't Fix status","date":"20181004","version":"20.0"},{"comment":"Element Software (formerly SolidFire Element OS) added to Software Versions and Fixes","date":"20181211","version":"21.0"},{"comment":"SnapDrive for Unix added to Software Versions and Fixes","date":"20190118","version":"22.0"},{"comment":"SnapProtect moved to Won't Fix status","date":"20190531","version":"23.0"},{"comment":"NetApp SMI-S Provider added to Software Versions and Fixes","date":"20190724","version":"24.0"},{"comment":"E-Series SANtricity OS Controller Software 11.x moved to Products Not Affected, Final status","date":"20220228","version":"25.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2016-7055":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","CVE-2017-3730":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","CVE-2017-3731":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","CVE-2017-3732":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},"kb_scoring_calc":[{"cve_id":"CVE-2016-7055","range":"LOW","score":3.7,"vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"cve_id":"CVE-2017-3730","range":"MEDIUM","score":5.3,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"cve_id":"CVE-2017-3731","range":"MEDIUM","score":5.3,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"cve_id":"CVE-2017-3732","range":"MEDIUM","score":5.9,"vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate the OpenSSL software libraries to provide cryptographic capabilities. OpenSSL versions below 1.0.2k and 1.1.0d are susceptible to vulnerabilities that could lead to out-of-bound reads, process crashes, Denial of Service (DoS) attacks, or incorrect results. NetApp is investigating which products use affected versions of OpenSSL. This advisory will be updated as additional information becomes available.","kb_title":"January 2017 OpenSSL Vulnerabilities in Multiple NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp Storage Encryption","ONTAP Select Deploy administration utility","OnCommand Balance","OnCommand Insight","OnCommand Performance Manager (Unified Manager Performance Pkg)","OnCommand Unified Manager for Clustered Data ONTAP","Service Processor","Single Mailbox Recovery","Snap Creator Framework","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","System Manager 9.x"],"kb_workarounds":"Clustered Data ONTAP: Beginning with version 9.0 ciphers can be manually disabled using the \"security config\" command: \r\n\r\n::*> security config modify -interface SSL -supported-ciphers <CURRENT_CIPHER_STRING>:!DH","ntap_advisory_id":"NTAP-20170127-0001","adv_id":"ntap-20170127-0001","published_date":"2017-01-27T00:00:00","updated_date":"2022-02-28T00:00:00","inserted_date":"2025-05-27T05:01:21.288000","modified_date":null}}