{"status":"success","advisory":{"_id":"683547425b16347a91c3a327","kb_acknowledgements":null,"kb_affected_list":["Active IQ Unified Manager for VMware vSphere","Brocade Fabric Operating System Firmware","NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","NetApp HCI Compute Node (Bootstrap OS)","NetApp SolidFire & HCI Management Node","ONTAP 9"],"kb_bad_data":false,"kb_cve":["CVE-2022-42915","CVE-2022-42916"],"kb_exploitation":"Public","kb_fixes":[{"product":"Brocade Fabric Operating System Firmware","fixes":[],"instructions":"First fixed in Brocade Fabric Operating System Firmware version 9.1.","wontfix":false,"eos_link":null},{"product":"ONTAP 9","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/ontap9/downloads-tab/download/62286/9.11.1P6","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/ontap9/downloads-tab/download/62286/9.12.1","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2876227.html"},{"product":"NetApp HCI Compute Node (Bootstrap OS)","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2876227.html"}],"kb_impact":"Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).\r\n<br><br>\r\nONTAP 9 (formerly Clustered Data ONTAP):<br>\r\nAffected only in 9.11.1.\r\n<br><br>\r\nActive IQ Unified Manager for VMware vSphere: <br>\r\nAffected by CVE-2022-42916 only in version 9.12.","kb_internal_notes":[{"burt":"1517832","jira":"","product":"AFF Baseboard Management Controller (BMC) - A700s"},{"burt":"1552365","jira":"CAIQUM-4515","product":"Active IQ Unified Manager for VMware vSphere"},{"burt":"1517833","jira":"","product":"Brocade Fabric Operating System Firmware"},{"burt":"1517834","jira":"","product":"Cloud Volumes ONTAP Mediator"},{"burt":"1517837","jira":"","product":"FAS/AFF Service Processor - 2554/2552/2520"},{"burt":"1517843","jira":"","product":"FAS/AFF Service Processor - 8080/8060/8040/8020"},{"burt":"1517838","jira":"","product":"FAS/AFF Service Processor - A300/8200"},{"burt":"1517839","jira":"","product":"FAS/AFF Service Processor - A700/9000"},{"burt":"1517840","jira":"","product":"NetApp Converged Systems Advisor Agent"},{"burt":"1517847","jira":"","product":"NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S"},{"burt":"1517845","jira":"PSIRT-2935","product":"NetApp HCI Compute Node (Bootstrap OS)"},{"burt":"1517842","jira":"PSIRT-2933","product":"NetApp SolidFire & HCI Management Node"},{"burt":"1517846","jira":"PSIRT-2937","product":"NetApp SolidFire & HCI Storage Node (Element Software)"},{"burt":"1517836","jira":"","product":"ONTAP 9"},{"burt":"1517835","jira":"","product":"ONTAP Antivirus Connector"},{"burt":"1517841","jira":"","product":"ONTAP tools for VMware vSphere 9"},{"burt":"1517849","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"},{"burt":"1517848","jira":"","product":"StorageGRID Baseboard Management Controller (BMC) - SG6160/SGF6112/SG110/SG1100"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://curl.se/docs/CVE-2022-42915.html","https://curl.se/docs/CVE-2022-42916.html"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20221209","version":"1.0"},{"comment":"NetApp Converged Systems Advisor Agent and Cloud Volumes ONTAP Mediator moved to Products Not Affected, NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S moved to Won't Fix status","date":"20221212","version":"2.0"},{"comment":"ONTAP tools for VMware vSphere moved to Products Not Affected, ONTAP 9 moved to Affected Products","date":"20221219","version":"3.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) 9.11.1P6 added to Software Versions and Fixes","date":"20230208","version":"4.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) 9.9.1P14 added to Software Versions and Fixes","date":"20230216","version":"5.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) 9.10.1P11 added to Software Versions and Fixes, Impact updated with affected ONTAP 9 versions, Brocade Fabric Operating System Firmware moved to Products Not Affected","date":"20230306","version":"6.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) 9.8P17 added to Software Versions and Fixes","date":"20230307","version":"7.0"},{"comment":"After additional review Brocade Fabric Operating System Firmware moved to Affected Products and added to Software Versions and Fixes, non-affected versions of ONTAP 9 (formerly Clustered Data ONTAP) removed from Software Versions and Fixes","date":"20230314","version":"8.0"},{"comment":"Updated Impact section for affected versions of ONTAP 9 (formerly Clustered Data ONTAP), ONTAP 9 (formerly Clustered Data ONTAP) 9.12.1 added to Software Versions and Fixes","date":"20230314","version":"9.0"},{"comment":"NetApp SolidFire & HCI Management Node, NetApp HCI Compute Node (Bootstrap OS) and NetApp SolidFire & HCI Storage Node (Element Software) moved to Affected Products","date":"20230411","version":"10.0"},{"comment":"Active IQ Unified Manager for VMware vSphere moved to Affected Products","date":"20230510","version":"11.0"},{"comment":"After additional review NetApp SolidFire & HCI Storage Node (Element Software) moved to Products Not Affected","date":"20260324","version":"12.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2022-42915":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2022-42916":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},"kb_scoring_calc":[{"cve_id":"CVE-2022-42915","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2022-42916","range":"HIGH","score":7.5,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"kb_status":"Interim","kb_summary":"Multiple NetApp products incorporate Libcurl. Libcurl versions 7.77.0 prior to 7.86.0 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_title":"October 2022 cURL/libcURL Vulnerabilities in NetApp Products","kb_unaffected_list":["AFF BIOS - A700s","AFF Baseboard Management Controller (BMC) - A700s","ATTO FibreBridge - 7600N","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ mobile app","Astra Control Center","Astra Control Center - NetApp Kubernetes Monitoring Operator","Brocade SAN Navigator (SANnav)","Cloud Volumes ONTAP Mediator","Data Infrastructure Insights Acquisition Unit (formerly Cloud Insights Acquisition Unit)","Data Infrastructure Insights Storage Workload Security Agent (formerly Cloud Insights Storage Workload Security Agent)","Data Infrastructure Insights Telegraf Agent (formerly Cloud Insights Telegraf Agent)","E-Series BIOS","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Unified Manager and Web Services Proxy","Element .NET SDK","Element HealthTools","Element JAVA SDK","Element Plug-in for vCenter Server","Element Powershell Tools","Element Python SDK","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF BIOS - A250/500f/C250","FAS/AFF BIOS - A300/8200/C190/A220/2720/2750/A150","FAS/AFF BIOS - A320","FAS/AFF BIOS - A700/9000","FAS/AFF BIOS - A800/C800","FAS/AFF BIOS - A900/9500","FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - A250/500f/C250","FAS/AFF Baseboard Management Controller (BMC) - A900/9500","FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750","FAS/AFF Service Processor - 2554/2552/2520","FAS/AFF Service Processor - 8080/8060/8040/8020","FAS/AFF Service Processor - A300/8200","FAS/AFF Service Processor - A700/9000","Global File Cache","Management Services for Element Software and NetApp HCI","MetroCluster Tiebreaker","Multipath I/O (SANtricity DSM for Windows MPIO)","NetApp Console","NetApp Converged Systems Advisor Agent","NetApp Data Classification","NetApp E-Series Host Collection","NetApp E-Series SANtricity Collection","NetApp HCI Baseboard Management Controller (BMC) - H610S","NetApp HCI Storage Node BIOS","NetApp Kubernetes Monitoring Operator","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SMI-S Provider","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","NetApp XCP NFS","NetApp XCP SMB","ONTAP Antivirus Connector","ONTAP Mediator","ONTAP Select Deploy administration utility","ONTAP tools for VMware vSphere 9","OnCommand Insight","SAN Host Utilities for Linux","SAN Host Utilities for Windows","SANtricity Storage Plugin for vCenter","SRA Plugin for Linux","SRA Plugin for Windows","Single Mailbox Recovery","SnapCenter","SnapCenter Plug-in for VMware vSphere","SolidFire Storage Replication Adapter","StorageGRID (formerly StorageGRID Webscale)","StorageGRID BIOS SG1000/SG100/SG1100/SG110","StorageGRID BIOS SG5660/SG5612/SG5760/SG5712","StorageGRID BIOS SG6060/SGF6024/SGF6112/SG6160","StorageGRID Baseboard Management Controller (BMC) - SG6160/SGF6112/SG110/SG1100","System Manager 9.x","Trident","Trident Autosupport"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20221209-0010","adv_id":"ntap-20221209-0010","published_date":"2022-12-09T00:00:00","updated_date":"2026-03-24T00:00:00","inserted_date":"2026-03-24T07:23:33.882000","modified_date":null}}