NetApp Products Multiple Vulnerabilities

Impact

• Denial of Service
• Information Disclosure
• Data Manipulation

System / Technologies affected

• AFF Baseboard Management Controller (BMC) - A700s
• Active IQ Unified Manager for VMware vSphere
• Clustered Data ONTAP
• Clustered Data ONTAP Antivirus Connector
• FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400
• FAS/AFF Baseboard Management Controller (BMC) - A250/500f
• NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H300E/H500E/H700E/H410S
• NetApp HCI Baseboard Management Controller (BMC) - H410C
• NetApp HCI Compute Node (Bootstrap OS)
• NetApp SANtricity SMI-S Provider
• NetApp SMI-S Provider
• NetApp SolidFire & HCI Management Node
• NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)
• SnapManager for Hyper-V

Solutions

• Please refer to the vendor web-site for update on patches release.
  • Software fixes will be made available through the NetApp Support website in the Software Download section.
    https://mysupport.netapp.com/site/downloads/

Vulnerability Identifier

• CVE-2021-4157
• CVE-2021-4197
• CVE-2022-0435
• CVE-2022-1292
• CVE-2022-1343
• CVE-2022-1434
• CVE-2022-1473
• CVE-2022-29156

Source

• NetApp

Related Link

• https://security.netapp.com/advisory/ntap-20220602-0001/
• https://security.netapp.com/advisory/ntap-20220602-0002/
• https://security.netapp.com/advisory/ntap-20220602-0006/
• https://security.netapp.com/advisory/ntap-20220602-0007/
• https://security.netapp.com/advisory/ntap-20220602-0009/