{"status":"success","advisory":{"_id":"6835472f5b16347a91c39f82","kb_acknowledgements":null,"kb_affected_list":["NetApp Cloud Backup (formerly AltaVault)","NetApp SolidFire & HCI Management Node","NetApp SolidFire Baseboard Management Controller (BMC)"],"kb_bad_data":false,"kb_cve":["CVE-2018-10103","CVE-2018-10105","CVE-2018-14461","CVE-2018-14462","CVE-2018-14463","CVE-2018-14464","CVE-2018-14465","CVE-2018-14466","CVE-2018-14467","CVE-2018-14468","CVE-2018-14469","CVE-2018-14470","CVE-2018-14879","CVE-2018-14880","CVE-2018-14881","CVE-2018-14882","CVE-2018-16227","CVE-2018-16228","CVE-2018-16229","CVE-2018-16230","CVE-2018-16300","CVE-2018-16451","CVE-2018-16452","CVE-2019-15166"],"kb_exploitation":"Public","kb_fixes":[{"product":"NetApp SolidFire & HCI Management Node","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/element-software/downloads-tab/download/62654/12.5","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/netapp-hci/downloads-tab/download/62542/1.10","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Cloud Backup (formerly AltaVault)","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2880179.html"},{"product":"NetApp SolidFire Baseboard Management Controller (BMC)","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2847476.html "}],"kb_impact":"Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_internal_notes":[{"burt":"1278582","jira":"","product":"AFF Baseboard Management Controller (BMC) - A700s"},{"burt":"1278587","jira":"","product":"Active IQ Unified Manager for VMware vSphere"},{"burt":"1278583","jira":"","product":"FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750"},{"burt":"1278588","jira":"","product":"FAS/AFF Service Processor - 8080/8060/8040/8020"},{"burt":"","jira":"PSIRT-17729","product":"FAS/AFF Service Processor - A300/8200"},{"burt":"1278585","jira":"","product":"NetApp Cloud Backup (formerly AltaVault)"},{"burt":"","jira":"","product":"NetApp HCI Compute Node (Bootstrap OS)"},{"burt":"","jira":"","product":"NetApp HCI Storage Nodes"},{"burt":"1352758","jira":"","product":"NetApp SolidFire & HCI Management Node"},{"burt":"","jira":"","product":"NetApp SolidFire & HCI Storage Node (Element Software)"},{"burt":"1309204","jira":"","product":"NetApp SolidFire Baseboard Management Controller (BMC)"},{"burt":"1278586","jira":"","product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above"},{"burt":"1278603","jira":"","product":"ONTAP 9"},{"burt":"1278584","jira":"","product":"Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 9.7 and above"},{"burt":"1278590","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"},{"burt":"1278589","jira":"","product":"StorageGRID Baseboard Management Controller (BMC) - SG6160/SGF6112/SG110/SG1100"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":[],"kb_rev_history":[{"comment":"Initial Public Release","date":"20200120","version":"1.0"},{"comment":"NetApp SolidFire Baseboard Management Controller (BMC) moved to Won't Fix status","date":"20211101","version":"2.0"},{"comment":"NetApp Cloud Backup (formerly AltaVault) moved to Won't Fix status","date":"20220106","version":"3.0"},{"comment":"NetApp SolidFire & HCI Management Node added to Software Versions and Fixes, Final status","date":"20220527","version":"4.0"},{"comment":"FAS/AFF Service Processor - A300/8200 moved to Products Under Investigation","date":"20250625","version":"5.0"},{"comment":"FAS/AFF Service Processor - A300/8200 moved to Products Not Affected","date":"20250627","version":"6.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2018-10103":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-10105":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14461":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14462":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14463":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14464":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14465":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14466":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14467":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14468":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14469":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14470":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14879":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14880":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14881":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-14882":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-16227":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-16228":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-16229":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-16230":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-16300":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","CVE-2018-16451":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2018-16452":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","CVE-2019-15166":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2018-10103","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-10105","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14461","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14462","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14463","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14464","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14465","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14466","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14467","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14468","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14469","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14470","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14879","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14880","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14881","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-14882","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-16227","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-16228","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-16229","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-16230","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-16300","range":"HIGH","score":7.5,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"cve_id":"CVE-2018-16451","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2018-16452","range":"HIGH","score":7.5,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"cve_id":"CVE-2019-15166","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate Tcpdump. Tcpdump versions prior to 4.9.3 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_title":"October 2019 Tcpdump Vulnerabilities in NetApp Products","kb_unaffected_list":["AFF Baseboard Management Controller (BMC) - A700s","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Active IQ mobile app","Brocade Fabric Operating System Firmware","Brocade SAN Navigator (SANnav)","Cloud Volumes ONTAP Mediator","Data Infrastructure Insights Storage Workload Security Agent (formerly Cloud Insights Storage Workload Security Agent)","Data Infrastructure Insights Telegraf Agent (formerly Cloud Insights Telegraf Agent)","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Unified Manager and Web Services Proxy","Element HealthTools","Element Plug-in for vCenter Server","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750","FAS/AFF Service Processor - 8080/8060/8040/8020","FAS/AFF Service Processor - A300/8200","MetroCluster Tiebreaker","NetApp BlueXP","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Storage Nodes","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SMI-S Provider","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","ONTAP 9","ONTAP Antivirus Connector","ONTAP Select Deploy administration utility","OnCommand Insight","SAN Host Utilities for Linux","SAN Host Utilities for Windows","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapCenter Plug-in for VMware vSphere/BlueXP backup and Recovery for Virtual Machine","SnapManager for Hyper-V","SolidFire Storage Replication Adapter","Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 9.7 and above","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC) - SG6160/SGF6112/SG110/SG1100","System Manager 9.x","Trident"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20200120-0001","adv_id":"ntap-20200120-0001","published_date":"2020-01-20T00:00:00","updated_date":"2025-06-27T00:00:00","inserted_date":"2025-06-27T10:40:37.087000","modified_date":null}}