Skip to main content
NetApp Knowledgebase

SMB1 detected as enabled on Data ONTAP 7-Mode controller where SMB1 has been disabled

Applies to

Data ONTAP 8.2.5 7-Mode

Issue

Certain versions of security scanners might report that SMB Version 1 is enabled in Data ONTAP operating in 7-Mode even though it was disabled using the controls added in version 8.2.5.

For Qualsys, this is reported as QID 45261, as seen in the example below.
SMB Version 1 Enabled

QID: 45261
CVE ID: -
Vendor Reference: SMB v1
Bugtraq ID: -
Service Modified: 02/16/2018
User Modified: -
Edited: No
PCI Vuln: No


THREAT:
The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows, is known as Microsoft SMB Protocol.
The Windows host has SMBv1 protocol enabled for either:
Client or Server

IMPACT:
SMB protocols could allow a remote attacker to obtain sensitive information from the affected systems

SOLUTION:
Microsoft recommends users to update to the latest SMB versions and stop using SMBv1.
For more information, see Microsoft KB article 2696547

Workaround:
Customers may consider blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
QID: 45261 detected on port 445 over TCP.
SMBv1 is enabled.

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support