{"status":"success","advisory":{"_id":"683547235b16347a91c39d2d","kb_acknowledgements":null,"kb_affected_list":["FAS/AFF BIOS"],"kb_bad_data":false,"kb_cve":["CVE-2017-5703"],"kb_exploitation":"Public","kb_fixes":[{"product":"FAS/AFF BIOS","fixes":[{"link":"https://mysupport.netapp.com/site/downloads/firmware/system-firmware-diagnostics","cves":[]}],"instructions":"First fixed in BIOS versions 9.7, 10.5, 11.5, 12.3, and 13.3 under bug 1189483 and bundled into ONTAP version 9.6. ","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability could lead to Denial of Service(DoS).","kb_internal_notes":[{"burt":"1189485","jira":"","product":"E-Series SANtricity OS Controller Software 11.x"},{"burt":"1189484","jira":"","product":"E-Series SANtricity OS Controller Software 8.x"},{"burt":"1189483","jira":"","product":"FAS/AFF BIOS"},{"burt":"1189487","jira":"","product":"NetApp Cloud Backup (formerly AltaVault)"},{"burt":"","jira":"","product":"NetApp HCI Compute Node BIOS"},{"burt":"1189486","jira":"","product":"NetApp SteelStore Cloud Integrated Storage"},{"burt":"1189489","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"},{"burt":"1189488","jira":"","product":"StorageGRID9 (9.x and prior)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00087.html"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20180924","version":"1.0"},{"comment":"NetApp Cloud Backup (formerly AltaVault) and NetApp SteelStore Cloud Integrated Storage moved to Products Not Affected","date":"20181004","version":"2.0"},{"comment":"FAS/AFF System Firmware moved to Affected Products","date":"20181022","version":"3.0"},{"comment":"FAS/AFF System Firmware added to Software Versions and Fixes, Final status","date":"20191119","version":"4.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2017-5703":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2017-5703","range":"HIGH","score":7.9,"vector":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate Intel CPUs and their associated chipsets. Some Intel CPUs allow unsafe opcodes which a local attacker could use to alter the behavior of the SPI Flash memory, leading a Denial of Service (DoS).\r\n","kb_title":"CVE-2017-5703 Intel SPI Flash Denial of Service Vulnerability in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Brocade Fabric Operating System Firmware","Cloud Manager","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity OS Controller Software 8.x","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","Element Plug-in for vCenter Server","FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp Cloud Backup (formerly AltaVault)","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp Converged Systems Advisor Agent","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp SolidFire & HCI Management Node","NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)","NetApp SteelStore Cloud Integrated Storage","NetApp Storage Encryption","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Workflow Automation","Open Systems SnapVault Agent","Service Processor","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapDrive for Unix","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC)","StorageGRID9 (9.x and prior)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20180924-0004","adv_id":"ntap-20180924-0004","published_date":"2018-09-24T00:00:00","updated_date":"2019-11-19T00:00:00","inserted_date":"2025-05-27T05:01:23.357000","modified_date":null}}