{"status":"success","advisory":{"_id":"683547245b16347a91c39d62","kb_acknowledgements":null,"kb_affected_list":["AFF Baseboard Management Controller (BMC) - A700s","Cluster Network Switch (NetApp CN1610)","Clustered Data ONTAP","Data ONTAP Edge","Data ONTAP operating in 7-Mode","Management Network Switch (NetApp CN1601)","NetApp Cloud Backup (formerly AltaVault)","NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)","NetApp VASA Provider for Clustered Data ONTAP 6.x","ONTAP Select Deploy administration utility","OnCommand Balance","OnCommand Unified Manager Core Package","OnCommand Unified Manager for Clustered Data ONTAP","Service Processor","StorageGRID (formerly StorageGRID Webscale)","StorageGRID9 (9.x and prior)"],"kb_bad_data":false,"kb_cve":["CVE-2016-6210"],"kb_exploitation":"Public","kb_fixes":[{"product":"ONTAP Select Deploy administration utility","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/ontap_select/9.2.25/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Unified Manager Core Package","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2853558.html"},{"product":"NetApp Cloud Backup (formerly AltaVault)","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/altavault_phyapp/4.3.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"StorageGRID (formerly StorageGRID Webscale)","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/storagegrid_webscale/10.4.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"AFF Baseboard Management Controller (BMC) - A700s","fixes":[{"link":"https://mysupport.netapp.com/site/downloads/firmware/system-firmware-diagnostics","cves":[]}],"instructions":"The first fixed version is 1.81.\r\nTo download the patch, choose “Service Image” from the AFF_A700s “System Firmware + Diagnostics Download” page.","wontfix":false,"eos_link":null},{"product":"NetApp VASA Provider for Clustered Data ONTAP 6.x","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2843185.html"},{"product":"Clustered Data ONTAP","fixes":[{"link":"https://mysupport.netapp.com/download/software/ontap/9.1P15/","cves":[]},{"link":"https://mysupport.netapp.com/download/software/ontap/9.3P6/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/ontap/9.4/","cves":[]},{"link":"https://mysupport.netapp.com/products/ontap9/9.5/","cves":[]},{"link":"https://mysupport.netapp.com/products/ontap9/9.6/","cves":[]}],"instructions":"Fix added to 9.1 and 9.3 under bug 1067443.","wontfix":false,"eos_link":null},{"product":"OnCommand Balance","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMP1655122.html"},{"product":"OnCommand Unified Manager for Clustered Data ONTAP","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_um/7.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Service Processor","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/tools/serviceimage/support/","cves":[]}],"instructions":"Fixed by bug 1073101. First fixed versions include the following: sp_3.5,sp_2.6,sp_4.3,sp_5.3","wontfix":false,"eos_link":null},{"product":"Management Network Switch (NetApp CN1601)","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2838313.html"},{"product":"Cluster Network Switch (NetApp CN1610)","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/sanswitch/fcp/NetApp/cn1610cm","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Data ONTAP Edge","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2630722.html"},{"product":"NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)","fixes":[{"link":"https://mysupport.netapp.com/products/solidfire/11.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"StorageGRID9 (9.x and prior)","fixes":[{"link":"https://kb.netapp.com/app/answers/answer_view/a_id/1031896","cves":[]}],"instructions":"Update Package","wontfix":false,"eos_link":null},{"product":"Data ONTAP operating in 7-Mode","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ontap/8.2.5/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability could lead to disclosure of sensitive information.","kb_internal_notes":[{"burt":"1261612","jira":"","product":"AFF Baseboard Management Controller (BMC) - A700s"},{"burt":"1073090","jira":"","product":"Cluster Network Switch (NetApp CN1610)"},{"burt":"1073088","jira":"","product":"Clustered Data ONTAP"},{"burt":"1073092","jira":"","product":"Data ONTAP Edge"},{"burt":"1073093","jira":"","product":"Data ONTAP operating in 7-Mode"},{"burt":"1073094","jira":"","product":"Management Network Switch (NetApp CN1601)"},{"burt":"1155258","jira":"","product":"NetApp Cloud Backup (formerly AltaVault)"},{"burt":"","jira":"SECURITY-271","product":"NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)"},{"burt":"1155257","jira":"","product":"NetApp SteelStore Cloud Integrated Storage"},{"burt":"1147062","jira":"","product":"NetApp VASA Provider for Clustered Data ONTAP 6.x"},{"burt":"1073095","jira":"","product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above"},{"burt":"1073099","jira":"","product":"ONTAP Select Deploy administration utility"},{"burt":"1073096","jira":"","product":"OnCommand Balance"},{"burt":"1073097","jira":"","product":"OnCommand Performance Manager (Unified Manager Performance Pkg)"},{"burt":"1155259","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"1073098","jira":"","product":"OnCommand Unified Manager for Clustered Data ONTAP"},{"burt":"1073101","jira":"","product":"Service Processor"},{"burt":"1073103","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"},{"burt":"1073102","jira":"","product":"StorageGRID9 (9.x and prior)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://www.openssh.com/txt/release-7.3"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20190206","version":"1.0"},{"comment":"AFF Baseboard Management Controller (BMC) moved to Affected Products","date":"20190830","version":"2.0"},{"comment":"Clustered Data ONTAP fix links updated","date":"20190903","version":"3.0"},{"comment":"Service Processor added to Software Versions and Fixes","date":"20200722","version":"4.0"},{"comment":"AFF Baseboard Management Controller (BMC) - A700s added to Software Versions and Fixes, Final status","date":"20201119","version":"5.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2016-6210":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},"kb_scoring_calc":[{"cve_id":"CVE-2016-6210","range":"MEDIUM","score":5.9,"vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate the OpenSSH software libraries. OpenSSH versions before 7.3 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.","kb_title":"CVE-2016-6210 OpenSSH Vulnerability in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp SteelStore Cloud Integrated Storage","NetApp Storage Encryption","NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","OnCommand Insight","OnCommand Performance Manager (Unified Manager Performance Pkg)","OnCommand Workflow Automation","Open Systems SnapVault Agent","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapDrive for Unix","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","Storage Services Connector","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20190206-0001","adv_id":"ntap-20190206-0001","published_date":"2019-02-06T00:00:00","updated_date":"2020-11-19T00:00:00","inserted_date":"2025-05-27T05:01:24.211000","modified_date":null}}