AFF, NVMe, EF-Series, and SolidFire Discussions

Highlighted

Security Warning - Service Processor Firmware upgrades required

Hi Everyone!

 

We have today posted this article on our security site - https://security.netapp.com/advisory/ntap-20190305-0001/ alerting all customers to a newly discovered security issue with service processors inside ONTAP systems.

 

The affected models are FAS80x0, FAS8200, AFF A300, FAS22xx, FAS25xx, FAS26xx, AFF A200, FAS9000 and AFF A700.

 

In case of disagreement, the CVE doc is authoritative.

3 REPLIES 3

Re: Security Warning - Service Processor Firmware upgrades required

Alex,

 

Please can you ensure that the link to the CVE documentation is updated in your advisory as currently the link is not valid and we would like to fully review this prior to completing an upgrade.

 

Thanks

Adam

Re: Security Warning - Service Processor Firmware upgrades required

Hi Adam,

 

I understand your concern and have requested that our security team work with NIST to ensure this content is corrected, however with a severity of 9.8, this is not a “watch and act” advisory -  you should move ahead with the SP upgrades ASAP.

Re: Security Warning - Service Processor Firmware upgrades required

We have a FAS255. Our service processor firmware version is 2.6. Our ONTAP version is NetApp Release 9.3P6.  I don't see a patch for 2.6. Does this mean we have to update ONTAP too?

 

Forums