NetApp Console Agent and CVO security vulnerability QandA
Applies to
- NetApp Console Agent
- NetApp Cloud Volumes ONTAP (CVO)
- CVO Mediator
- Common Vulnerabilities and Exposures (CVE)
- ONTAP 9
Answer
- Where can I find information about CVE exposure for NetApp Console Agent and CVO?
- Search the NetApp Security Advisory and our Knowledge Base to find out if NetApp Console or CVO is exposed to a certain CVE or find the list of all vulnerabilities of a specific CVO version by filtering on "Product Version" on Security Advisory search tool.
- For the Linux OS that runs on the Agent VM hosting the NetApp Console software and Mediator(used in AWS and GCP CVO HA configurations), various 3rd party resources are available: Mitre Organization, National Vulnerability Database, and Your Distribution`s website (RHEL, Ubuntu, and others).
- How are vulnerabilities fixed for CVO?
- Either via an ONTAP upgrade or a workaround. Find information on each in the relevant Security Advisory or KB for the specific CVE.
- How are vulnerabilities fixed for NetApp Console SaaS ?
- NetApp Console SaaS is patched automatically if it has a direct internet connection and auto-update is enabled.
- The Security Advisory or KB typically contains information on fixed releases and instructions on how to enable auto-upgrade if it's disabled.
- See also Upgrade the Connector on-prem without internet access
- Should the Agent VM hosting the NetApp Console software be updated?
- The Linux OS on the Agent host vm must be updated by the customer. This can be done by connecting to the VM and updating to the latest kernel that has the fix for the CVE.
- To update the kernel and all installed packages see your Distribution`s website.
- Verify the host OS running on the Agent VM:
cat /etc/os-release - For Ubuntu:
sudo apt-get upgrade - For RHEL:
sudo yum update- Note: all default packages supported by the Linux Distribution can be upgraded. 3rd party software or agents are not supported, however.
- Verify the host OS running on the Agent VM: