Blue XP Connector and CVO security vulnerability QandA
Applies to
- NetApp Blue XP Connector
- NetApp Cloud Volumes ONTAP (CVO)
- CVO Mediator
- Common Vulnerabilities and Exposures (CVE)
- ONTAP 9
Answer
- Where can I find information about CVE exposure for Blue XP Connector and CVO?
- Search the NetApp Security Advisory and our Knowledge Base to find out if Cloud Manager or CVO is exposed to a certain CVE
- For the Linux OS that runs on the connector VM hosting the Cloud Manager software and Mediator(used in AWS and GCP CVO HA configurations), various 3rd party resources are available: Mitre Organization, National Vulnerability Database, and Your Distribution`s website (RHEL, Ubuntu, and others).
- How are vulnerabilities fixed for CVO?
- Either via an ONTAP upgrade or a workaround. Find information on each in the relevant Security Advisory or KB for the specific CVE.
- How are vulnerabilities fixed for Blue XP SaaS ?
- Blue XP SaaS is patched automatically if it has a direct internet connection and auto-update is enabled.
- The Security Advisory or KB typically contains information on fixed releases and instructions on how to enable auto-upgrade if it's disabled.
- See also Upgrade the Connector on-prem without internet access
- Should the connector VM hosting the Cloud Manager software be updated?
- The Linux OS on the connector host vm must be updated by the customer. This can be done by connecting to the VM and updating to the latest kernel that has the fix for the CVE.
- To update the kernel and all installed packages see your Distribution`s website.
- Verify the host OS running on the Connector VM:
cat /etc/os-release
- For Ubuntu:
sudo apt-get upgrade
- For RHEL:
sudo yum update
- Note: all default packages supported by the Linux Distribution can be upgraded. 3rd party software or agents are not supported, however.
- Verify the host OS running on the Connector VM: