SMB1 detected as enabled on Data ONTAP 7-Mode controller where SMB1 has been disabled
Applies to
Data ONTAP 8.2.5 7-Mode
Issue
Certain versions of security scanners might report that SMB Version 1 is enabled in Data ONTAP operating in 7-Mode even though it was disabled using the controls added in version 8.2.5.
For Qualys, this is reported as QID 45261, as seen in the example below.
SMB Version 1 Enabled
QID: 45261
CVE ID: -
Vendor Reference: SMB v1
Bugtraq ID: -
Service Modified: 02/16/2018
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows, is known as Microsoft SMB Protocol.
The Windows host has SMBv1 protocol enabled for either:
Client or Server
IMPACT:
SMB protocols could allow a remote attacker to obtain sensitive information from the affected systems
SOLUTION:
Microsoft recommends users to update to the latest SMB versions and stop using SMBv1.
For more information, see Microsoft KB article 2696547
Workaround:
Customers may consider blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
QID: 45261 detected on port 445 over TCP.
SMBv1 is enabled.