NetApp Products Multiple Vulnerabilities

Impact

• Denial of Service
• Information Disclosure
• Data Manipulation

System / Technologies affected

• NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H300E/H500E/H700E/H410S
• NetApp HCI Baseboard Management Controller (BMC) - H410C
• ONTAP Select Deploy administration utility
• BeeGFS CSI Driver
• Cloud Insights Telegraf Agent
• NetApp Kubernetes Monitoring Operator
• StorageGRID (formerly StorageGRID Webscale)

Solutions

• Please refer to the vendor web-site for update on patches release.
  • Links can be found in "Related Link" section.
  • Software fixes will be made available through the NetApp Support website in the Software Download section.
    https://mysupport.netapp.com/site/downloads/

Vulnerability Identifier

• CVE-2021-4154
• CVE-2022-0391
• CVE-2022-23772
• CVE-2022-23773
• CVE-2022-23806
• CVE-2022-24958

Source

• NetApp

Related Link

• https://security.netapp.com/advisory/ntap-20220225-0004/
• https://security.netapp.com/advisory/ntap-20220225-0006/
• https://security.netapp.com/advisory/ntap-20220225-0008/
• https://security.netapp.com/advisory/ntap-20220225-0009/