{"status":"success","advisory":{"_id":"683547245b16347a91c39d78","kb_acknowledgements":null,"kb_affected_list":["FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800","NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H300E/H500E/H700E/H410S","NetApp HCI Baseboard Management Controller (BMC) - H410C","NetApp HCI Baseboard Management Controller (BMC) - H610C","NetApp HCI Baseboard Management Controller (BMC) - H610S","NetApp HCI Baseboard Management Controller (BMC) - H615C","NetApp SolidFire Baseboard Management Controller (BMC)"],"kb_bad_data":false,"kb_cve":["CVE-2019-6260"],"kb_exploitation":"Public","kb_fixes":[{"product":"NetApp HCI Baseboard Management Controller (BMC) - H410C","fixes":[{"link":"https://mysupport.netapp.com/products/hci/H410C_BIOS_3.4_BMC_6.71/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp HCI Baseboard Management Controller (BMC) - H615C","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/netapp-hci/downloads-tab","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800","fixes":[{"link":"https://mysupport.netapp.com/site/downloads/firmware/system-firmware-diagnostics","cves":[]}],"instructions":"Fixed by bug 1224942. \r\nFirst fixed versions include the following: 10.3,11.4","wontfix":false,"eos_link":null},{"product":"NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H300E/H500E/H700E/H410S","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/5d9f1108e01d9c0001ee51dd/downloads-tab/download/62542/Compute_Firmware_Bundle","cves":[]}],"instructions":"First included in Compute Firmware Bundle version 2.27.","wontfix":false,"eos_link":null},{"product":"NetApp SolidFire Baseboard Management Controller (BMC)","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2847476.html "},{"product":"NetApp HCI Baseboard Management Controller (BMC) - H610S","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/netapp-hci/downloads-tab","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp HCI Baseboard Management Controller (BMC) - H610C","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/netapp-hci/downloads-tab","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_internal_notes":[{"burt":"1224942","jira":"","product":"FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800"},{"burt":"1354987","jira":"","product":"NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H300E/H500E/H700E/H410S"},{"burt":"","jira":"","product":"NetApp HCI Baseboard Management Controller (BMC) - H410C"},{"burt":"1299990","jira":"","product":"NetApp HCI Baseboard Management Controller (BMC) - H610C"},{"burt":"1299992","jira":"","product":"NetApp HCI Baseboard Management Controller (BMC) - H610S"},{"burt":"1299993","jira":"","product":"NetApp HCI Baseboard Management Controller (BMC) - H615C"},{"burt":"1352783","jira":"","product":"NetApp SolidFire Baseboard Management Controller (BMC)"},{"burt":"1224943","jira":"","product":"StorageGRID Baseboard Management Controller (BMC)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":[],"kb_rev_history":[{"comment":"Initial Public Release","date":"20190314","version":"1.0"},{"comment":"NetApp HCI Baseboard Management Controller (BMC), NetApp SolidFire Baseboard Management Controller (BMC) moved to Affected Products","date":"20190627","version":"2.0"},{"comment":"FAS/AFF Baseboard Management Controller (BMC) added to Software Versions and Fixes","date":"20191105","version":"3.0"},{"comment":"NetApp HCI Baseboard Management Controller (BMC) - H410C added to Software Versions and Fixes","date":"20200211","version":"4.0"},{"comment":"NetApp HCI Baseboard Management Controller (BMC) - H610C, NetApp HCI Baseboard Management Controller (BMC) - H610S and NetApp HCI Baseboard Management Controller (BMC) - H615C moved to Affected Products","date":"20200219","version":"5.0"},{"comment":"NetApp HCI Baseboard Management Controller (BMC) - H610C, NetApp HCI Baseboard Management Controller (BMC) - H610S, and NetApp HCI Baseboard Management Controller (BMC) - H615C added to Software Versions and Fixes","date":"20200929","version":"6.0"},{"comment":"NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H300E/H500E/H700E/H410S added to Software Versions and Fixes","date":"20201012","version":"7.0"},{"comment":"NetApp SolidFire Baseboard Management Controller (BMC) moved to Won't Fix status, Final status","date":"20211101","version":"8.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2019-6260":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2019-6260","range":"CRITICAL","score":9.8,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate ASPEED Baseband Management Controller (BMC) hardware and firmware. ASPEED BMC firmware through 2.6 is susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_title":"CVE-2019-6260 ASPEED BMC Vulnerability in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Active IQ mobile app","Astra Trident","Brocade Fabric Operating System Firmware","Cloud Manager","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","Element Plug-in for vCenter Server","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp Converged Systems Advisor Agent","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp SolidFire & HCI Management Node","NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)","NetApp Storage Encryption","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Workflow Automation","Open Systems SnapVault Agent","SAS Firmware","Service Processor","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapDrive for Unix","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20190314-0001","adv_id":"ntap-20190314-0001","published_date":"2019-03-14T00:00:00","updated_date":"2021-11-01T00:00:00","inserted_date":"2025-05-27T05:01:24.572000","modified_date":null}}