ONTAP Tools for VMware vSphere: Vulnerabilities within ONTAP tools 9.x
Applies to
- ONTAP tools for VMware vSphere (OTV) 9.13 P1
- Vulnerable ciphers reported in OTV 9.13 P1 for ports 8143, 8443 and 9083
- HTTP OPTIONS vulnerability reported in OTV 9.13 P1
- OpenSSH vulnerability in ONTAP tools for VMware vSphere 9.13 P1
- HSTS missing from HTTPS server on port 8443 in OTV 9.12
Issue
- Vulnerable ciphers reported in OTV 9.13 P1 for ports 8143, 8443 and 9083: A vulnerability scanner detected the vulnerable cipher suites TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA on ports 8143 (vscserver), 8443 (rpserver) and 9083 (vp-server).
- HTTP OPTIONS vulnerability reported in OTV 9.13 P1: The HTTP OPTIONS method is enabled on port 8143. Although the OPTIONS method is primarily used for debugging, an attacker can exploit it to retrieve sensitive information about the system.
- OpenSSH vulnerability in ONTAP tools for VMware vSphere 9.13 P1: OpenSSH has released a Security Advisory and patches for CVE-2024-6387. Your product has been identified as using OpenSSH based on Blackduck data.
- HSTS missing from HTTPS server on port 8443 in OTV 9.12: The vulnerability was found by scanner tools such as Nessus.
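
To re-check the cipher finding from an administrative host, the probe below offers each of the four flagged suites, one at a time, to ports 8143, 8443 and 9083 and reports which ones the server still accepts. It is an added example, not NetApp code; the OpenSSL suite names and the `probe` and `audit` helpers are assumptions of this example, and it presumes the local OpenSSL build still supports these suites.

```python
import socket
import ssl
import sys

# IANA names from the scanner finding -> OpenSSL names used by Python's ssl module.
FLAGGED_SUITES = {
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": "ECDHE-RSA-AES128-SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": "ECDHE-RSA-AES256-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
}
PORTS = {8143: "vscserver", 8443: "rpserver", 9083: "vp-server"}


def probe(host, port, openssl_name, timeout=5.0):
    """True: server accepted the suite; False: handshake refused; None: could not test."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False        # only cipher negotiation is inspected here,
        ctx.verify_mode = ssl.CERT_NONE   # so the certificate is not validated
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # set_ciphers does not limit TLS 1.3
        ctx.set_ciphers(openssl_name)     # offer exactly one suite
    except ssl.SSLError:
        return None                       # local OpenSSL build lacks this suite
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0] == openssl_name
    except (ssl.SSLError, ConnectionResetError):
        return False                      # server refused the offered suite
    except OSError:
        return None                       # closed port, timeout, DNS failure


def audit(host):
    """Return {(port, iana_name): result} for every flagged suite on every port."""
    return {(port, iana): probe(host, port, name)
            for port in PORTS for iana, name in FLAGGED_SUITES.items()}


if __name__ == "__main__":
    labels = {True: "ACCEPTED", False: "rejected", None: "untested"}
    for (port, iana), result in audit(sys.argv[1]).items():
        print(f"{port:>5} ({PORTS[port]}): {iana}: {labels[result]}")
```

Run it with the appliance hostname or IP address as the only argument; any `ACCEPTED` line means the scanner finding still applies to that port.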