mickmick.net

NetApp Products Multiple Vulnerabilities

Release Date: 15 May 2023

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in NetApp Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure, data manipulation, elevation of privilege, security restriction bypass and remote code execution on the targeted system.

---

Impact

• Denial of Service
• Information Disclosure
• Data Manipulation
• Elevation of Privilege
• Security Restriction Bypass
• Remote Code Execution

---

System / Technologies affected

• AFF Baseboard Management Controller (BMC) - A700s
• Astra Trident
• FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400
• NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S
• NetApp HCI Baseboard Management Controller (BMC) - H410C
• SnapCenter

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• https://security.netapp.com/advisory/ntap-20230511-0006/
• https://security.netapp.com/advisory/ntap-20230511-0009/
• https://security.netapp.com/advisory/ntap-20230511-0008/
• https://security.netapp.com/advisory/ntap-20230511-0005/
• https://security.netapp.com/advisory/ntap-20230511-0001/
• https://security.netapp.com/advisory/ntap-20230511-0011/
• https://security.netapp.com/advisory/ntap-20230511-0002/
• https://security.netapp.com/advisory/ntap-20230511-0003/
• https://security.netapp.com/advisory/ntap-20230511-0004/
• https://security.netapp.com/advisory/ntap-20230511-0010/

---

Vulnerability Identifier

• CVE-2022-3162
• CVE-2023-0179
• CVE-2023-1077
• CVE-2023-1096
• CVE-2023-1380
• CVE-2023-1544
• CVE-2023-1550
• CVE-2023-1579
• CVE-2023-1652
• CVE-2023-25930
• CVE-2023-26021
• CVE-2023-26022
• CVE-2023-27555
• CVE-2023-27559
• CVE-2023-29255
• CVE-2023-29257

---

Source

• NetApp

---

Related Link

• https://security.netapp.com/advisory/ntap-20230511-0006/
• https://security.netapp.com/advisory/ntap-20230511-0009/
• https://security.netapp.com/advisory/ntap-20230511-0008/
• https://security.netapp.com/advisory/ntap-20230511-0005/
• https://security.netapp.com/advisory/ntap-20230511-0001/
• https://security.netapp.com/advisory/ntap-20230511-0011/
• https://security.netapp.com/advisory/ntap-20230511-0002/
• https://security.netapp.com/advisory/ntap-20230511-0003/
• https://security.netapp.com/advisory/ntap-20230511-0004/
• https://security.netapp.com/advisory/ntap-20230511-0010/
• https://www.ibm.com/support/pages/node/6985691/