Skip to main content
NetApp Knowledge Base

SMB1 detected as enabled on Data ONTAP 7-Mode controller where SMB1 has been disabled

Views:
2,759
Visibility:
Public
Votes:
1
Category:
data-ontap-8
Specialty:
7dot
Last Updated:

Applies to

Data ONTAP 8.2.5 7-Mode

Issue

Certain versions of security scanners might report that SMB Version 1 is enabled in Data ONTAP operating in 7-Mode even though it was disabled using the controls added in version 8.2.5.

For Qualys, this is reported as QID 45261, as seen in the example below.
SMB Version 1 Enabled

QID: 45261
CVE ID: -
Vendor Reference: SMB v1
Bugtraq ID: -
Service Modified: 02/16/2018
User Modified: -
Edited: No
PCI Vuln: No


THREAT:
The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows, is known as Microsoft SMB Protocol.
The Windows host has SMBv1 protocol enabled for either:
Client or Server

IMPACT:
SMB protocols could allow a remote attacker to obtain sensitive information from the affected systems

SOLUTION:
Microsoft recommends users to update to the latest SMB versions and stop using SMBv1.
For more information, see Microsoft KB article 2696547

Workaround:
Customers may consider blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
QID: 45261 detected on port 445 over TCP.
SMBv1 is enabled.

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.