mickmick.net

NetApp Products Multiple Vulnerabilities

Release Date: 6 Jun 2022

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in NetApp Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure and data manipulation on the targeted system.

---

Impact

• Denial of Service
• Information Disclosure
• Data Manipulation

---

System / Technologies affected

• AFF Baseboard Management Controller (BMC) - A700s
• Active IQ Unified Manager for VMware vSphere
• Clustered Data ONTAP
• Clustered Data ONTAP Antivirus Connector
• FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400
• FAS/AFF Baseboard Management Controller (BMC) - A250/500f
• NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H300E/H500E/H700E/H410S
• NetApp HCI Baseboard Management Controller (BMC) - H410C
• NetApp HCI Compute Node (Bootstrap OS)
• NetApp SANtricity SMI-S Provider
• NetApp SMI-S Provider
• NetApp SolidFire & HCI Management Node
• NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)
• SnapManager for Hyper-V

---

Solutions

• Please refer to the vendor web-site for update on patches release.
  • Software fixes will be made available through the NetApp Support website in the Software Download section.
    https://mysupport.netapp.com/site/downloads/

---

Vulnerability Identifier

• CVE-2021-4157
• CVE-2021-4197
• CVE-2022-0435
• CVE-2022-1292
• CVE-2022-1343
• CVE-2022-1434
• CVE-2022-1473
• CVE-2022-29156

---

Source

• NetApp

---

Related Link

• https://security.netapp.com/advisory/ntap-20220602-0001/
• https://security.netapp.com/advisory/ntap-20220602-0002/
• https://security.netapp.com/advisory/ntap-20220602-0006/
• https://security.netapp.com/advisory/ntap-20220602-0007/
• https://security.netapp.com/advisory/ntap-20220602-0009/