OpenSSH 7.4 Not Installed Multiple Vulnerabilities
Device is a FAS2240-2
Version 8.2.5 7
Is this system vulnerable. Many Linux systems run an older version of OpenSSH but they are patch to version 7.4.
This is information is easy to find for many operating systems and appliacnes but NetApp seems to lack in simple listings of vulnerability documentation and mitigations.
Does NetApp do this.
I found this link "https://security.netapp.com/advisory/ntap-20171130-0002/" but it states nothing for mitigation. Like what version is fixed.
Being that NetApp should be PCI compliant which means it must be patched for all Critical and High vulnerabilites I would hope it is or can be patched.
Teh CVE's in question are CVE-2016-10012, CVE-2016-10011, CVE-2016-10010, CVE-2016-10009
Solved! See The Solution
I know it's not obvious when looking at the specific page, but this text to the right of "Overview" are additional tabs of information.
Affected Products Remediation Revision History
If you click on Remediation, you will see ONTAP 8.2.5 7-Mode has a fix.