mickmick.net

NetApp Products Multiple Vulnerabilities

Release Date: 30 May 2023

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in NetApp Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure and data manipulation on the targeted system.

---

Impact

• Denial of Service
• Information Disclosure
• Data Manipulation

---

System / Technologies affected

• Active IQ Unified Manager for Linux
• Active IQ Unified Manager for Microsoft Windows
• Active IQ Unified Manager for VMware vSphere
• Astra Trident
• E-Series SANtricity OS Controller Software 11.x
• E-Series SANtricity Unified Manager and Web Services Proxy
• NetApp BlueXP
• NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S
• NetApp HCI Baseboard Management Controller (BMC) - H410C

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• https://security.netapp.com/advisory/ntap-20230517-0002/
• https://security.netapp.com/advisory/ntap-20230517-0006/
• https://security.netapp.com/advisory/ntap-20230525-0001/
• https://security.netapp.com/advisory/ntap-20230526-0001/
• https://security.netapp.com/advisory/ntap-20230526-0001/
• https://security.netapp.com/advisory/ntap-20230526-0002/
• https://security.netapp.com/advisory/ntap-20230526-0003/
• https://security.netapp.com/advisory/ntap-20230526-0004/
• https://security.netapp.com/advisory/ntap-20230526-0005/
• https://security.netapp.com/advisory/ntap-20230526-0006/
• https://security.netapp.com/advisory/ntap-20230526-0007/
• https://security.netapp.com/advisory/ntap-20230526-0008/
• https://security.netapp.com/advisory/ntap-20230526-0009/
• https://security.netapp.com/advisory/ntap-20230526-0010/

---

Vulnerability Identifier

• CVE-2020-24736
• CVE-2021-46880
• CVE-2022-4744
• CVE-2023-0210
• CVE-2023-0620
• CVE-2023-0665
• CVE-2023-1670
• CVE-2023-20862
• CVE-2023-24534
• CVE-2023-24536
• CVE-2023-25000
• CVE-2023-26048
• CVE-2023-26049
• CVE-2023-27311
• CVE-2023-28755
• CVE-2023-28756
• CVE-2023-29323

---

Source

• NetApp

---

Related Link

• https://security.netapp.com/advisory/ntap-20230517-0002/
• https://security.netapp.com/advisory/ntap-20230517-0006/
• https://security.netapp.com/advisory/ntap-20230525-0001/
• https://security.netapp.com/advisory/ntap-20230526-0001/
• https://security.netapp.com/advisory/ntap-20230526-0001/
• https://security.netapp.com/advisory/ntap-20230526-0002/
• https://security.netapp.com/advisory/ntap-20230526-0003/
• https://security.netapp.com/advisory/ntap-20230526-0004/
• https://security.netapp.com/advisory/ntap-20230526-0005/
• https://security.netapp.com/advisory/ntap-20230526-0006/
• https://security.netapp.com/advisory/ntap-20230526-0007/
• https://security.netapp.com/advisory/ntap-20230526-0008/
• https://security.netapp.com/advisory/ntap-20230526-0009/
• https://security.netapp.com/advisory/ntap-20230526-0010/