Solved: Security Warning - Service Processor Firmware upgrades required

AlexDawson · ‎2019-03-05

Hi Everyone!

We have today posted this article on our security site - https://security.netapp.com/advisory/ntap-20190305-0001/ alerting all customers to a newly discovered security issue with service processors inside ONTAP systems.

The affected models are FAS80x0, FAS8200, AFF A300, FAS22xx, FAS25xx, FAS26xx, AFF A200, FAS9000 and AFF A700.

In case of disagreement, the CVE doc is authoritative.

AlexDawson · ‎2019-03-06

Hi Adam,

I understand your concern and have requested that our security team work with NIST to ensure this content is corrected, however with a severity of 9.8, this is not a “watch and act” advisory - you should move ahead with the SP upgrades ASAP.

View solution in original post

apjkellyuk · ‎2019-03-06

Alex,

Please can you ensure that the link to the CVE documentation is updated in your advisory as currently the link is not valid and we would like to fully review this prior to completing an upgrade.

Thanks

Adam

AlexDawson · ‎2019-03-06

Hi Adam,

I understand your concern and have requested that our security team work with NIST to ensure this content is corrected, however with a severity of 9.8, this is not a “watch and act” advisory - you should move ahead with the SP upgrades ASAP.

refsysadmin · ‎2019-03-13

We have a FAS255. Our service processor firmware version is 2.6. Our ONTAP version is NetApp Release 9.3P6. I don't see a patch for 2.6. Does this mean we have to update ONTAP too?