ONTAP Discussions

ONTAP 9.4P3 running on unsupported FreeBSD version!?

thomasb82

Hi there,

 

Our security department does regular vulnerability/security scans of the environment and they recently approached me with this:

"FreeBSD 10.3 support ended on 2018-04-30.

Upgrade to FreeBSD 10.4 / 11.2.

For more information, see : https://www.freebsd.org/security/"

 

This was the result of scanning a FAS2750 running ONTAP 9.4P3.

 

I know ONTAP goes through an intensive hardening process and FreeBSD is not accessible (that easily), but still, @netapp can you please comment?

 

Thanks!

 

 


1 ACCEPTED SOLUTION

kryan

Configure the vulnerability scanner to perform a credentialed scan on the storage system so that it is able to detect ONTAP properly.

 

KB 1074217


davesnafiler

We are having this same result from an internal Tenable system scan against our ONTAP 9.6 version. We have opened a NetApp support ticket which returns us to the KB noted as well as the security advisory (https://security.netapp.com/advisory/ntap-20190910-0002/). We have initiated our internal security office to create a credentialed scan and run it but the results are the same (vulnerability found). NetApp support has stated the credentialed scan should work properly and show there is no vulnerability.

Has anyone encountered this same result and found a resolution?

Perhaps the credentialed scan is not configured properly and Tenable support is required?

Thanks in advance for any assistance or guidance.

kryan

Please disregard the reference to an advisory - this is not a vulnerability in ONTAP.

 

Configure the Nessus scanner to use SSH credentials to allow it to run a command to discover the target is ONTAP and not FreeBSD. As far as my testing has shown, if Nessus is unable to log in via SSH it interprets the target OS from "ssh -vvv" output.
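Added example, not part of any post in this thread and not NetApp or Tenable code: a triage pass over exported scan output that separates end-of-support findings raised without a successful login from ones that persist after a credentialed check. The host names and report text are constructed, and the `Credentialed checks :` field label is an assumption about the scanner's report format.

```python
import re

# Constructed sample: per-host plugin output text as exported from a scan report.
# The field labels are an assumption about the report format.
SAMPLE = {
    "filer-a": """Remote operating system : FreeBSD 10.3
Credentialed checks : no
FreeBSD 10.3 support ended on 2018-04-30.""",
    "filer-b": """Remote operating system : FreeBSD 10.3
Credentialed checks : yes, as 'scanuser' via ssh
FreeBSD 10.3 support ended on 2018-04-30.""",
    "filer-c": """Remote operating system : ONTAP 9.4P3
Credentialed checks : yes, as 'scanuser' via ssh""",
    "filer-d": """FreeBSD 10.3 support ended on 2018-04-30.""",
}


def field(text, label):
    """Return the value of a 'label : value' line, or None if it is absent."""
    m = re.search(rf"^{re.escape(label)}\s*:\s*(.+)$", text, re.MULTILINE)
    return m.group(1).strip() if m else None


def triage(report):
    """Classify each host's end-of-support finding by credential status."""
    verdicts = {}
    for host, text in report.items():
        eol = re.search(r"support ended on \d{4}-\d{2}-\d{2}", text)
        cred = field(text, "Credentialed checks")
        if not eol:
            verdicts[host] = "no end-of-support finding"
        elif cred is None:
            verdicts[host] = "unknown: no credential status in report"
        elif cred.lower().startswith("yes"):
            # Login succeeded yet the finding remains: raise with the vendors.
            verdicts[host] = "escalate: login worked, finding persists"
        else:
            # No login: the OS was inferred remotely, so fix credentials first.
            verdicts[host] = "recheck: uncredentialed, OS was guessed remotely"
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```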
