Effective December 3, NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources.For accounts that did not pre-register (prior to Dec 3), access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.To learn more, read the FAQ and watch the video.Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.
We are having this same result from an internal Tenable system scan against our OnTap 9.6 version. We have opened a NetApp support ticket which returns us to the KB noted as well as the security advisory (https://security.netapp.com/advisory/ntap-20190910-0002/). We have initiated our internal security office to create a credentialed scan and run it but the results are the same (vulnerability found). NetApp support has stated the credentialed scan should work properly and show there is no vulnerability.
Has anyone encountered this same result and found a resolution?
Perhaps the credentialed scan is not configured properly and Tenable support is required?
Please disregard the reference to an advisory - this is not a vulnerability in ONTAP.
Configure the Nessus scanner to use SSH credentials to allow it to run a command to discover the target is ONTAP and not FreeBSD. As far as my testing has shown, if Nessus is unable to login via SSH it interprets the target OS from "ssh -vvv" output.