{"status":"success","advisory":{"_id":"683547475b16347a91c3a433","kb_acknowledgements":null,"kb_affected_list":["Active IQ Unified Manager for VMware vSphere","Brocade Fabric Operating System Firmware","NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","NetApp HCI Compute Node (Bootstrap OS)","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","ONTAP 9"],"kb_bad_data":false,"kb_cve":["CVE-2023-27535","CVE-2023-27536","CVE-2023-27537","CVE-2023-27538"],"kb_exploitation":"Public","kb_fixes":[{"product":"Brocade Fabric Operating System Firmware","fixes":[],"instructions":"Fixed in FOS 10.0.","wontfix":false,"eos_link":null},{"product":"NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2876227.html"},{"product":"NetApp HCI Compute Node (Bootstrap OS)","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2876227.html"},{"product":"ONTAP 9","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/ontap9/downloads-tab/download/62286/9.8P20","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/ontap9/downloads-tab/download/62286/9.9.1P16","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/ontap9/downloads-tab/download/62286/9.10.1P13","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/ontap9/downloads-tab/download/62286/9.11.1P10","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/ontap9/downloads-tab/download/62286/9.12.1P4","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/ontap9/downloads-tab/download/62286/9.13.1","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information or Denial of Service (DoS).\r\n<br><br>\r\nActive IQ Unified Manager for VMware vSphere:<br>\r\nAffected by only CVE-2023-27535 and CVE-2023-27536 in all supported versions. ","kb_internal_notes":[{"burt":"1548498","jira":"","product":"AFF Baseboard Management Controller (BMC) - A700s"},{"burt":"1552358","jira":"CAIQUM-4503","product":"Active IQ Unified Manager for VMware vSphere"},{"burt":"1548499","jira":"CONTAPEXT-1132","product":"Brocade Fabric Operating System Firmware"},{"burt":"1548500","jira":"","product":"Cloud Volumes ONTAP Mediator"},{"burt":"1548507","jira":"","product":"FAS/AFF Service Processor - 8080/8060/8040/8020"},{"burt":"1548502","jira":"","product":"FAS/AFF Service Processor - A300/8200"},{"burt":"1548503","jira":"","product":"FAS/AFF Service Processor - A700/9000"},{"burt":"1548504","jira":"","product":"NetApp Converged Systems Advisor Agent"},{"burt":"1548510","jira":"","product":"NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S"},{"burt":"1548508","jira":"PSIRT-4034","product":"NetApp HCI Compute Node (Bootstrap OS)"},{"burt":"1548506","jira":"PSIRT-4032","product":"NetApp SolidFire & HCI Management Node"},{"burt":"1548509","jira":"PSIRT-4036","product":"NetApp SolidFire & HCI Storage Node (Element Software)"},{"burt":"1548525","jira":"","product":"ONTAP 9"},{"burt":"1548501","jira":"","product":"ONTAP Antivirus Connector"},{"burt":"1548505","jira":"","product":"ONTAP tools for VMware vSphere 9"},{"burt":"1548512","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"},{"burt":"1548511","jira":"","product":"StorageGRID Baseboard Management Controller (BMC) - SG6160/SGF6112/SG110/SG1100"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://curl.se/docs/CVE-2023-27535.html","https://curl.se/docs/CVE-2023-27536.html","https://curl.se/docs/CVE-2023-27537.html","https://curl.se/docs/CVE-2023-27538.html"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20230420","version":"1.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) moved to Affected Products","date":"20230420","version":"2.0"},{"comment":"Active IQ Unified Manager for VMware vSphere moved to Affected Products","date":"20230510","version":"3.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) 9.9.1P16 added to Software Versions and Fixes","date":"20230607","version":"4.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) 9.12.1P4 added to Software Versions and Fixes","date":"20230622","version":"5.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) 9.10.1P13 added to Software Versions and Fixes","date":"20230626","version":"6.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) 9.11.1P10 added to Software Versions and Fixes","date":"20230627","version":"7.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) 9.13.1 added to Software Versions and Fixes","date":"20230627","version":"8.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) 9.8P20 added to Software Versions and Fixes","date":"20230905","version":"9.0"},{"comment":"Update CVSS scores for CVE-2023-27535 and CVE-2023-275356 to match NVD","date":"20230925","version":"10.0"},{"comment":"Brocade Fabric Operating System Firmware moved to Affected Products","date":"20231010","version":"11.0"},{"comment":"NetApp HCI Compute Node (Bootstrap OS), NetApp SolidFire & HCI Management Node and NetApp SolidFire & HCI Storage Node (Element Software) moved to Affected Products","date":"20240425","version":"12.0"},{"comment":"Brocade Fabric Operating System Firmware added to Software Versions and Fixes","date":"20260608","version":"13.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2023-27535":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","CVE-2023-27536":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","CVE-2023-27537":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","CVE-2023-27538":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},"kb_scoring_calc":[{"cve_id":"CVE-2023-27535","range":"MEDIUM","score":5.9,"vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"cve_id":"CVE-2023-27536","range":"MEDIUM","score":5.9,"vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"cve_id":"CVE-2023-27537","range":"MEDIUM","score":5.9,"vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"cve_id":"CVE-2023-27538","range":"MEDIUM","score":5.5,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"kb_status":"Interim","kb_summary":"Multiple NetApp products incorporate Libcurl. Certain versions of Libcurl are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information or Denial of Service (DoS).","kb_title":"March 2023 cURL/libcURL Vulnerabilities in NetApp Products","kb_unaffected_list":["AFF BIOS - A700s","AFF Baseboard Management Controller (BMC) - A700s","ATTO FibreBridge - 7600N","Active IQ Config Advisor","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ mobile app","Astra Control Center","Brocade SAN Navigator (SANnav)","Cloud Volumes ONTAP Mediator","Data Infrastructure Insights Acquisition Unit","Data Infrastructure Insights Telegraf Agent","Data Infrastructure Insights and Data Secure Storage Workload Security Agent","E-Series BIOS","E-Series SANtricity OS Controller Software","E-Series SANtricity Unified Manager and Web Services Proxy","Element .NET SDK","Element HealthTools","Element JAVA SDK","Element Plug-in for vCenter Server","Element Powershell Tools","Element Python SDK","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF BIOS - A250/500f/C250","FAS/AFF BIOS - A300/8200/C190/A220/2720/2750/A150","FAS/AFF BIOS - A320","FAS/AFF BIOS - A700/9000","FAS/AFF BIOS - A800/C800","FAS/AFF BIOS - A900/9500","FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - A250/500f/C250","FAS/AFF Baseboard Management Controller (BMC) - A900/9500","FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750","FAS/AFF Service Processor - 8080/8060/8040/8020","FAS/AFF Service Processor - A300/8200","FAS/AFF Service Processor - A700/9000","Global File Cache","IOM12 SAS Disk Shelf Firmware","IOM12B SAS Disk Shelf Firmware","IOM12E SAS Disk Shelf Firmware","IOM12F SAS Disk Shelf Firmware","IOM12G SAS Disk Shelf Firmware","Management Services for Element Software and NetApp HCI","MetroCluster Tiebreaker","Multipath I/O (SANtricity DSM for Windows MPIO)","NetApp Console Agent","NetApp Converged Systems Advisor Agent","NetApp Data Classification","NetApp E-Series Host Collection","NetApp E-Series SANtricity Collection","NetApp HCI Baseboard Management Controller (BMC) - H610S","NetApp HCI Storage Node BIOS","NetApp Kubernetes Monitoring Operator","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SMI-S Provider","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","NetApp XCP NFS","NetApp XCP SMB","ONTAP Antivirus Connector","ONTAP Mediator","ONTAP Select Deploy administration utility","ONTAP tools for VMware vSphere 9","OnCommand Insight","SAN Host Utilities for Linux","SAN Host Utilities for Windows","SANtricity Storage Plugin for vCenter","SRA Plugin for Linux","SRA Plugin for Windows","SnapCenter","SnapCenter Plug-in for VMware vSphere","SolidFire Storage Replication Adapter","StorageGRID (formerly StorageGRID Webscale)","StorageGRID BIOS SG1000/SG100/SG1100/SG110","StorageGRID BIOS SG5660/SG5612/SG5760/SG5712","StorageGRID BIOS SG6060/SGF6024/SGF6112/SG6160","StorageGRID Baseboard Management Controller (BMC) - SG6160/SGF6112/SG110/SG1100","System Manager 9.x","Trident","Trident Autosupport"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20230420-0010","adv_id":"ntap-20230420-0010","published_date":"2023-04-20T00:00:00","updated_date":"2026-06-08T00:00:00","inserted_date":"2026-06-08T16:57:07.378000","modified_date":null}}