{"status":"success","advisory":{"_id":"683547235b16347a91c39d42","kb_acknowledgements":null,"kb_affected_list":["Data ONTAP operating in 7-Mode","E-Series SANtricity OS Controller Software 11.x","NetApp Cloud Backup (formerly AltaVault)","NetApp HCI Compute Node (Bootstrap OS)","NetApp SMI-S Provider","NetApp SolidFire & HCI Management Node","NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)","StorageGRID (formerly StorageGRID Webscale)"],"kb_bad_data":false,"kb_cve":["CVE-2018-18065","CVE-2018-18066"],"kb_exploitation":"Public","kb_fixes":[{"product":"E-Series SANtricity OS Controller Software 11.x","fixes":[{"link":"https://mysupport.netapp.com/products/eseries_santricityos/11.50.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"StorageGRID (formerly StorageGRID Webscale)","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/storagegrid_webscale/11.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp HCI Compute Node (Bootstrap OS)","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/netapp-hci/downloads-tab/download/62542/1.8","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Data ONTAP operating in 7-Mode","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/ontap/8.2.5P3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/element-software/downloads-tab/download/62654/12.0","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/netapp-hci/downloads-tab/download/62542/1.8","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp SolidFire & HCI Management Node","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/element-software/downloads-tab/download/62654/12.0","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/netapp-hci/downloads-tab/download/62542/1.8","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Cloud Backup (formerly AltaVault)","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2880179.html"}],"kb_impact":"Successful exploitation of these vulnerabilities could lead to Denial of Service (DoS).","kb_internal_notes":[{"burt":"1196961","jira":"","product":"Clustered Data ONTAP"},{"burt":"1196963","jira":"","product":"Data ONTAP operating in 7-Mode"},{"burt":"1196967","jira":"","product":"E-Series SANtricity OS Controller Software 11.x"},{"burt":"1196966","jira":"","product":"E-Series SANtricity OS Controller Software 8.x"},{"burt":"1280430","jira":"","product":"FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800"},{"burt":"1196968","jira":"","product":"NetApp Cloud Backup (formerly AltaVault)"},{"burt":"","jira":"","product":"NetApp HCI Compute Node (Bootstrap OS)"},{"burt":"1196964","jira":"","product":"NetApp SMI-S Provider"},{"burt":"","jira":"","product":"NetApp SolidFire & HCI Management Node"},{"burt":"","jira":"","product":"NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)"},{"burt":"1196969","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"1196970","jira":"","product":"Service Processor"},{"burt":"1196971","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":[],"kb_rev_history":[{"comment":"Initial Public Release","date":"20181107","version":"1.0"},{"comment":"Service Processor moved to Products Not Affected","date":"20190110","version":"2.0"},{"comment":"Data ONTAP operating in 7-Mode added to Software Versions and Fixes","date":"20190315","version":"3.0"},{"comment":"NetApp SMI-S Provider moved to Affected Products","date":"20190319","version":"4.0"},{"comment":"E-Series SANtricity OS Controller Software 11.x added to Software Versions and Fixes","date":"20190426","version":"5.0"},{"comment":"FAS/AFF Baseboard Management Controller (BMC) moved to Products Not Affected","date":"20191119","version":"6.0"},{"comment":"NetApp SolidFire & HCI Storage Node (Element Software) added to Software Versions and Fixes","date":"20200522","version":"7.0"},{"comment":"NetApp HCI Compute Node (Bootstrap OS), and NetApp SolidFire & HCI Management Node moved to Products Not Affected","date":"20200612","version":"8.0"},{"comment":"NetApp Cloud Backup (formerly AltaVault) moved to Won't Fix status, Final status","date":"20220106","version":"9.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2018-18065":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","CVE-2018-18066":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2018-18065","range":"MEDIUM","score":6.5,"vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"cve_id":"CVE-2018-18066","range":"HIGH","score":7.5,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate the Net-SNMP software libraries. Net-SNMP versions before 5.8 are susceptible to vulnerabilities which when successfully exploited could lead to Denial of Service (DoS).","kb_title":"October 2018 Net-SNMP Vulnerabilities in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Brocade Fabric Operating System Firmware","Cloud Manager","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity OS Controller Software 8.x","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","Element Plug-in for vCenter Server","FAS/AFF BIOS","FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp Converged Systems Advisor Agent","NetApp HCI Compute Node BIOS","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp Storage Encryption","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Unified Manager Core Package","OnCommand Workflow Automation","Open Systems SnapVault Agent","SAS Firmware","Service Processor","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapDrive for Unix","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","Storage Services Connector","StorageGRID Baseboard Management Controller (BMC)","StorageGRID9 (9.x and prior)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20181107-0001","adv_id":"ntap-20181107-0001","published_date":"2018-11-07T00:00:00","updated_date":"2022-01-06T00:00:00","inserted_date":"2025-05-27T05:01:23.699000","modified_date":null}}