SMB1 detected as enabled on Data ONTAP 7-Mode controller where SMB1 has been disabled

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 2,249

Visibility:: Public

Votes:: 1

Category:: data-ontap-8

Specialty:: nas

Last Updated:

Applies to

Data ONTAP 8.2.5 7-Mode

Issue

Certain versions of security scanners might report that SMB Version 1 is enabled in Data ONTAP operating in 7-Mode even though it was disabled using the controls added in version 8.2.5.

For Qualsys, this is reported as QID 45261, as seen in the example below.
SMB Version 1 Enabled QID: 45261 CVE ID: - Vendor Reference: SMB v1 Bugtraq ID: - Service Modified: 02/16/2018 User Modified: - Edited: No PCI Vuln: No

THREAT:
The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows, is known as Microsoft SMB Protocol.
The Windows host has SMBv1 protocol enabled for either:
Client or Server

IMPACT:
SMB protocols could allow a remote attacker to obtain sensitive information from the affected systems

SOLUTION:
Microsoft recommends users to update to the latest SMB versions and stop using SMBv1.
For more information, see Microsoft KB article 2696547

Workaround:
Customers may consider blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
QID: 45261 detected on port 445 over TCP.
SMBv1 is enabled.