NetApp Products Multiple Vulnerabilities

Impact

• Denial of Service
• Information Disclosure
• Data Manipulation

System / Technologies affected

• ONTAP Select Deploy administration utility
• FAS/AFF Baseboard Management Controller (BMC) - A250
• NetApp HCI Compute Node (Bootstrap OS)
• NetApp SolidFire & HCI Management Node
• NetApp SolidFire & HCI Storage Node (Element Software)
• FAS/AFF Baseboard Management Controller (BMC)
• Service Processor

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Apply fixes issued by the vendor. For detail, please refer to the link below:
  https://security.netapp.com/advisory/ntap-20210115-0001/
  https://security.netapp.com/advisory/ntap-20210115-0002/
  https://security.netapp.com/advisory/ntap-20210115-0003/
  https://security.netapp.com/advisory/ntap-20210115-0004/
  https://security.netapp.com/advisory/ntap-20210115-0005/
  https://security.netapp.com/advisory/ntap-20210115-0006/
  https://security.netapp.com/advisory/ntap-20210115-0007/
  https://security.netapp.com/advisory/ntap-20210115-0008/

Vulnerability Identifier

• CVE-2020-16590
• CVE-2020-16591
• CVE-2020-16592
• CVE-2020-16598
• CVE-2020-17530
• CVE-2020-17531
• CVE-2020-25613
• CVE-2020-27730
• CVE-2020-27821
• CVE-2020-29369
• CVE-2020-29374

Source

• SecurityWizardry
• NetApp

Related Link

• https://www.securitywizardry.com/the-radar-page/alert-details#alerts
• https://security.netapp.com/advisory/
• https://security.netapp.com/advisory/ntap-20210115-0001/
• https://security.netapp.com/advisory/ntap-20210115-0002/
• https://security.netapp.com/advisory/ntap-20210115-0003/
• https://security.netapp.com/advisory/ntap-20210115-0004/
• https://security.netapp.com/advisory/ntap-20210115-0005/
• https://security.netapp.com/advisory/ntap-20210115-0006/
• https://security.netapp.com/advisory/ntap-20210115-0007/
• https://security.netapp.com/advisory/ntap-20210115-0008/