It is not comprehensive. I understand the attack vectors for the bash vulnerability as a whole. I do not know the attack vectors that could impact a NetApp filer running ONTAP.
I have a support case open as well. I just posted here to maybe get more visibility because the support case isn't helping. There are other vendors who use bash, but they have stated that their system is only vulnerable if you SSH into a device with credentials already, so the risk is low in that case becuase you would already need to have administrative credentials to login. I don't know the risk with our NetApps. Are they vulnerable via the web interface without logging in? Is there another vector that would work against them that wouldn't require authenticaiton?
I'm not trying to figure out how to "break a netapp". I'm trying to verify that our data, and our clients data is safe and not open to an unauthenticated attack. We have clients of ours asking us if their data is safe, and we cannot answer them because NetApp won't answer us.