{"status":"success","advisory":{"_id":"683547445b16347a91c3a38f","kb_acknowledgements":null,"kb_affected_list":["NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","NetApp HCI Baseboard Management Controller (BMC) - H410C"],"kb_bad_data":false,"kb_cve":["CVE-2015-8391","CVE-2015-8383","CVE-2015-8386","CVE-2015-8387","CVE-2015-8389","CVE-2015-8390","CVE-2015-8393","CVE-2015-8394"],"kb_exploitation":"Public","kb_fixes":[{"product":"NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2876227.html"},{"product":"NetApp HCI Baseboard Management Controller (BMC) - H410C","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2876227.html"}],"kb_impact":"Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_internal_notes":[{"burt":"1535270","jira":"","product":"7-Mode Transition Tool"},{"burt":"1535278","jira":"","product":"Active IQ Unified Manager for VMware vSphere"},{"burt":"","jira":"ICI-11709","product":"Data Infrastructure Insights Storage Workload Security Agent (formerly Cloud Insights Storage Workload Security Agent)"},{"burt":"1535272","jira":"","product":"E-Series SANtricity OS Controller Software 11.x"},{"burt":"1535274","jira":"","product":"NetApp Converged Systems Advisor Agent"},{"burt":"1535285","jira":"","product":"NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S"},{"burt":"1535275","jira":"PSIRT-3533","product":"NetApp HCI Baseboard Management Controller (BMC) - H410C"},{"burt":"1535282","jira":"","product":"NetApp HCI Compute Node (Bootstrap OS)"},{"burt":"1535277","jira":"","product":"NetApp SolidFire & HCI Management Node"},{"burt":"1535283","jira":"","product":"NetApp SolidFire & HCI Storage Node (Element Software)"},{"burt":"999620","jira":"","product":"ONTAP 9"},{"burt":"1535280","jira":"","product":"ONTAP Select Deploy administration utility"},{"burt":"1535281","jira":"","product":"SnapCenter"},{"burt":"1535286","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":[],"kb_rev_history":[{"comment":"Initial Public Release","date":"20230216","version":"1.0"},{"comment":"StorageGRID (formerly StorageGRID Webscale) moved to Products Not Affected","date":"20230216","version":"2.0"},{"comment":"ONTAP Select Deploy administration utility, SnapCenter, Cloud Secure Agent, Active IQ Unified Manager for VMware vSphere and NetApp Converged Systems Advisor Agent moved to Products Not Affected, NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S moved to Won't Fix status","date":"20230228","version":"3.0"},{"comment":"7-Mode Transition Tool moved to Products Not Affected","date":"20230307","version":"4.0"},{"comment":"NetApp HCI Compute Node (Bootstrap OS), NetApp SolidFire & HCI Storage Node (Element Software) and NetApp SolidFire & HCI Management Node moved to Affected Products","date":"20230501","version":"5.0"},{"comment":"NetApp HCI Baseboard Management Controller (BMC) - H410C moved to Won't Fix status, Final status","date":"20250515","version":"6.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2015-8383":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2015-8386":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2015-8387":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","CVE-2015-8389":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2015-8390":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2015-8391":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2015-8393":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","CVE-2015-8394":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2015-8383","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2015-8386","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2015-8387","range":"HIGH","score":7.3,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"cve_id":"CVE-2015-8389","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2015-8390","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2015-8391","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2015-8393","range":"HIGH","score":7.5,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"cve_id":"CVE-2015-8394","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate PCRE. PCRE versions prior to 8.38 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). ","kb_title":"December 2015 PCRE Vulnerabilities in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","Active IQ Unified Manager for VMware vSphere","Brocade Fabric Operating System Firmware","Data Infrastructure Insights Storage Workload Security Agent (formerly Cloud Insights Storage Workload Security Agent)","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Unified Manager and Web Services Proxy","FAS/AFF BIOS - 8300/8700/A400/C400","MetroCluster Tiebreaker","NetApp BlueXP","NetApp Converged Systems Advisor Agent","NetApp HCI Compute Node (Bootstrap OS)","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SMI-S Provider","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","ONTAP 9","ONTAP Antivirus Connector","ONTAP Select Deploy administration utility","OnCommand Insight","SAN Host Utilities for Linux","SAN Host Utilities for Windows","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapManager for Hyper-V","StorageGRID (formerly StorageGRID Webscale)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20230216-0002","adv_id":"ntap-20230216-0002","published_date":"2023-02-16T00:00:00","updated_date":"2025-05-15T00:00:00","inserted_date":"2025-05-27T05:01:56.223000","modified_date":null}}