The Indian Computer Emergency Response Team (CERT-In) has issued an alert on a series of NetApp vulnerabilities, potentially exposing NetApp products to risks such as denial of service (DoS) attacks, sensitive information disclosure, and data manipulation.
In response to a query by The Cyber Express, NetApp said that they have a robust product security vulnerability and response handling policy. “We follow secure development principles throughout our product development lifecycle and improve on our secure-development programs on a continuing basis,” the official response read.
Moreover, they stated that NetApp tracks published vulnerabilities and maintain a program whereby customers and researchers submit information about potential vulnerabilities.
Below are the security advisories issued on the company’s website:
- HCI affected: https://security.netapp.com/advisory/ntap-20230601-0001/
- AIQ UM only product listed as affected: https://security.netapp.com/advisory/ntap-20230601-0004/
- No products listed as affected: https://security.netapp.com/advisory/ntap-20230601-0008/
- HCI affected: https://security.netapp.com/advisory/ntap-20230601-0009/
- HCI affected: https://security.netapp.com/advisory/ntap-20230601-0010/
Unveiling the NetApp vulnerabilities
Multiple NetApp products, spanning a range of system technologies, were found to harbor vulnerabilities.
Here are the systems and technologies affected by the NetApp vulnerabilities
Active IQ Unified Manager for Linux
Active IQ Unified Manager for Microsoft Windows
Active IQ Unified Manager for VMware vSphere
Astra Trident
E-Series SANtricity OS Controller Software 11.x
E-Series SANtricity Unified Manager and Web Services Proxy
NetApp BlueXP
NetApp HCI Baseboard Management Controllers (BMC) such as H300S/H500S/H700S/H410S and H410C.
These are the specific NetApp vulnerabilities that were found in these products.
NetApp vulnerabilities: The latest five
CVE-2023-1829: Linux Kernel vulnerability in NetApp products
NetApp products integrating the Linux kernel, specifically versions before 6.3, are susceptible to this vulnerability. Exploiting it can result in the unauthorized disclosure of sensitive information, tampering with data, or triggering a DoS attack.
CVE-2023-1989: Linux Kernel vulnerability in NetApp products
Similar to the previous vulnerability, this affects NetApp products incorporating the Linux kernel. Versions prior to 6.3-rc4 are at risk, potentially leading to the disclosure of sensitive information, data manipulation, or a DoS attack.
CVE-2023-30846: Node.js vulnerability in NetApp products
This vulnerability pertains to NetApp products utilizing Node.js, specifically impacting versions prior to 1.8.0 of the Node.js library typed-rest-client. Successful exploitation of this vulnerability can expose sensitive information.
CVE-2023-20873: Spring Boot vulnerability in NetApp products
Multiple NetApp products that incorporate Spring Boot are affected by this vulnerability. It encompasses versions 3.0.0 through 3.0.5, 2.7.0 through 2.7.10, and older unsupported versions. This vulnerability could lead to disclosing sensitive information, unauthorized data modifications, or a DoS attack if exploited.
CVE-2023-2236: Linux Kernel vulnerability in NetApp products
NetApp products that integrate the Linux kernel, particularly versions 5.19 before 6.1-rc7, are vulnerable to this specific vulnerability. Successful exploitation could result in the unauthorized disclosure of sensitive information, data manipulation, or a DoS attack.
NetApp recently introduced significant changes across various product domains, including the release of their latest entry-level ASA (All-SAN Array) block storage devices, namely the ASA A150 and A250.
Additionally, it also announced improvements to its Advance subscription model, which now comes with a ransomware data guarantee and data availability assurances that boast an impressive uptime of six nines, equivalent to slightly over 30 seconds of downtime per year.
Mitigation and best practices for fixing vulnerability in NetApp products
Immediate action is crucial to mitigate vulnerabilities and fortify the security of NetApp product deployments. NetApp product users should consider the following steps, as shared by the NetApp advisories.
- Patch and update: Regularly update NetApp products and associated software with NetApp’s latest patches and security updates. This ensures that known vulnerabilities are addressed promptly.
- Implement robust security measures: Employ robust security measures, such as firewalls, intrusion detection systems, and endpoint protection, to fortify network defenses and detect potential threats.
- Enforce access controls: Utilize strong access controls, including unique user accounts, strong passwords, and the principle of least privilege, to limit unauthorized access to sensitive information and system functionalities.
- Regular data backups: Maintain regular backups of critical data to minimize the impact of potential data manipulation or loss resulting from an attack. Implement appropriate backup strategies and ensure their integrity.
- Stay Informed: Stay abreast of security advisories and updates provided by NetApp and other trusted sources. Regularly monitor emerging threats and vulnerabilities to address any new risks proactively.
By following these recommendations, NetApp product users can significantly enhance the security of their deployments and effectively address vulnerabilities.
