Information for

NetApp Denial of Service Vulnerability

Languages: English. Risk Level: High.

Components Affected

  • NetApp HCI Baseboard Management Controller (BMC)H300S/H500S/H700S/H410S
  • NetApp HCI Baseboard Management Controller (BMC) – H410C

Overview

A vulnerability was identified in a NetApp Product. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.

Description

The primary vulnerability which has been identified and tracked under CVE-2023-32252. A flaw was found in the Linux kernel’s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Impact

  • Denial of Service

Solution/ Workarounds

Apply fixes issued by the vendor:

https://security.netapp.com/advisory/ntap-20231124-0001/

Reference

https://www.hkcert.org/security-bulletin/netapp-denial-of-service-vulnerability_20231127
https://security.netapp.com/advisory/ntap-20231124-0001/

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.

Recent Alerts