mickmick.net

NetApp Products Multiple Vulnerabilities

Release Date: 28 Feb 2022

RISK: Medium Risk

TYPE: Servers - Other Servers

 

Multiple vulnerabilities were identified in NetApp Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure and data manipulation on the targeted system.

---

Impact

• Denial of Service
• Information Disclosure
• Data Manipulation

---

System / Technologies affected

• NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H300E/H500E/H700E/H410S
• NetApp HCI Baseboard Management Controller (BMC) - H410C
• ONTAP Select Deploy administration utility
• BeeGFS CSI Driver
• Cloud Insights Telegraf Agent
• NetApp Kubernetes Monitoring Operator
• StorageGRID (formerly StorageGRID Webscale)

---

Solutions

• Please refer to the vendor web-site for update on patches release.
  • Links can be found in "Related Link" section.
  • Software fixes will be made available through the NetApp Support website in the Software Download section.
    https://mysupport.netapp.com/site/downloads/

---

Vulnerability Identifier

• CVE-2021-4154
• CVE-2022-0391
• CVE-2022-23772
• CVE-2022-23773
• CVE-2022-23806
• CVE-2022-24958

---

Source

• NetApp

---

Related Link

• https://security.netapp.com/advisory/ntap-20220225-0004/
• https://security.netapp.com/advisory/ntap-20220225-0006/
• https://security.netapp.com/advisory/ntap-20220225-0008/
• https://security.netapp.com/advisory/ntap-20220225-0009/