ONTAP Discussions

Highlighted

ONTAP 9.4P3 running on unsupported FreeBSD version!?

Hi there,

 

our security department does regular vulnerability/security scans of the environment and they recently approach me with this:

"FreeBSD 10.3 support ended on 2018-04-30.

Upgrade to FreeBSD 10.4 / 11.2.

For more information, see : https://www.freebsd.org/security/"

 

This was the result of scanning a FAS2750 running ONTAP 9.4P3.

 

I know ONTAP goes through intesive hardening process and FreeBSD is not accessible (that easy), 

but still, @netapp can you please comment?

 

Thanks!

 

 

Thanks!

3 REPLIES 3
Highlighted

Re: ONTAP 9.4P3 running on unsupported FreeBSD version!?

Configure the vulnerability scanner to perform a credentialed scan on the storage system so that it is able to detect ONTAP properly.

 

KB 1074217

View solution in original post

Highlighted

Re: ONTAP 9.4P3 running on unsupported FreeBSD version!?

We are having this same result from an internal Tenable system scan against our OnTap 9.6 version.  We have opened a NetApp support ticket which returns us to the KB noted as well as the security advisory (https://security.netapp.com/advisory/ntap-20190910-0002/).  We have initiated our internal security office to create a credentialed scan and run it but the results are the same (vulnerability found).  NetApp support has stated the credentialed scan should work properly and show there is no vulnerability. 

Has anyone encountered this same result and found a resolution?

Perhaps the credentialed scan is not configured properly and Tenable support is required?

Thanks in advance for any assistance or guidance.

Highlighted

Re: ONTAP 9.4P3 running on unsupported FreeBSD version!?

Please disregard the reference to an advisory - this is not a vulnerability in ONTAP.

 

Configure the Nessus scanner to use SSH credentials to allow it to run a command to discover the target is ONTAP and not FreeBSD. As far as my testing has shown, if Nessus is unable to login via SSH it interprets the target OS from "ssh -vvv" output.

Check out the KB!
NetApp Insights To Action
All Community Forums