Skip to main content
NetApp Knowledge Base

SMB1 detected as enabled on Data ONTAP 7-Mode controller where SMB1 has been disabled

Views:
2,038
Visibility:
Public
Votes:
1
Category:
data-ontap-8
Specialty:
nas
Last Updated:

Applies to

Data ONTAP 8.2.5 7-Mode

Issue

Certain versions of security scanners might report that SMB Version 1 is enabled in Data ONTAP operating in 7-Mode even though it was disabled using the controls added in version 8.2.5.

For Qualsys, this is reported as QID 45261, as seen in the example below.
SMB Version 1 Enabled

QID: 45261
CVE ID: -
Vendor Reference: SMB v1
Bugtraq ID: -
Service Modified: 02/16/2018
User Modified: -
Edited: No
PCI Vuln: No


THREAT:
The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows, is known as Microsoft SMB Protocol.
The Windows host has SMBv1 protocol enabled for either:
Client or Server

IMPACT:
SMB protocols could allow a remote attacker to obtain sensitive information from the affected systems

SOLUTION:
Microsoft recommends users to update to the latest SMB versions and stop using SMBv1.
For more information, see Microsoft KB article 2696547

Workaround:
Customers may consider blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
QID: 45261 detected on port 445 over TCP.
SMBv1 is enabled.

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device