Multiple vulnerabilities in N series Products
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-3730 CVE-2017-3731 CVE-2017-3732 CVE-2016-7055 |
| CWE-ID | CWE-476 CWE-125 CWE-310 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Data ONTAP operating in 7-Mode Operating systems & Components / Operating system package or component SnapDrive for Windows Other software / Other software solutions |
| Vendor | NetApp |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU5440
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-3730
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to cause denial of service.
The vulnerability exists in OpenSSL due to NULL pointer dereference error when processing specially crafted parameters for a Diffie-Hellman Key Exchange (DHE) or Elliptic Curve Diffie-Hellman Exchange (ECDHE), received from malicious server. A remote attacker can trick the victim into connecting to a specially crafted website and trigger NULL pointer dereference error in client software.
Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack against vulnerable client software.
MitigationInstall update from vendor's website.
Vulnerable software versionsData ONTAP operating in 7-Mode: 8.2.1 - 8.2.4
SnapDrive for Windows: 7.1.1 - 7.1.4
CPE2.3- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.3:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/650961
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Out-of-bounds read
EUVDB-ID: #VU5420
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-3731
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause denial of service conditions.
The vulnerability exists due to out-of-bounds read in OpenSSL when processing truncated packets on 32-bit system using certain ciphers. A remote attacker can send a specially crafted truncated packet using CHACHA20/POLY1305 cipher for OpenSSL 1.1.0 or RC4-MD5 for 1.0.2 and trigger denial of service.
Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack against vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsData ONTAP operating in 7-Mode: 8.2.1 - 8.2.4
SnapDrive for Windows: 7.1.1 - 7.1.4
CPE2.3- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.3:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/650961
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU5442
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3732
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to propagating error in the x86_64 Montgomery squaring procedure. A remote attacker with access to unpatched vulnerable system that uses a shared private key with Diffie-Hellman (DH) parameters set can gain unauthorized access to sensitive private key information.
According to vendor’s advisory, this vulnerability is unlikely to be exploited in real-world attacks, as it requires significant resources and online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients.
Vulnerability exploitation against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.
MitigationInstall update from vendor's website.
Vulnerable software versionsData ONTAP operating in 7-Mode: 8.2.1 - 8.2.4
SnapDrive for Windows: 7.1.1 - 7.1.4
CPE2.3- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.3:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/650961
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU5894
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-7055
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to decrypt certain data.
The vulnerability exists in OpenSSL implementation due to propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. A remote attacker can launch attacks against RSA, DSA and DH private keys and decrypt information, passed over encrypted channels. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation.
Successful exploitation of the vulnerability may allow an attacker in certain conditions to launch attacks against OpenSSL clients.
MitigationInstall update from vendor's website.
Vulnerable software versionsData ONTAP operating in 7-Mode: 8.2.1 - 8.2.4
SnapDrive for Windows: 7.1.1 - 7.1.4
CPE2.3- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:data_ontap_operating_in_7-mode:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive_for_windows:7.1.3:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/650961
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
