{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S</li> <li>NetApp HCI Baseboard Management Controller (BMC) - H410C</li> </ul> <p>Ces produits ne sont plus maintenus par l'\u00e9diteur.</p> ","content":"## Solution\n\nImportant : l'\u00e9diteur ne pr\u00e9voit pas de publier de correctifs de\ns\u00e9curit\u00e9 (cf. section Documentation). Le CERT-FR recommande de remplacer\nles produits obsol\u00e8tes Netapp HCI par des solutions maintenues \u00e0 jour.\n\n\u00a0\n\n## Contournement provisoire\n\nLe CERT-FR recommande de cloisonner l'acc\u00e8s au composant BMC.\n","cves":[{"name":"CVE-2023-26606","url":"https://www.cve.org/CVERecord?id=CVE-2023-26606"},{"name":"CVE-2023-23000","url":"https://www.cve.org/CVERecord?id=CVE-2023-23000"},{"name":"CVE-2023-0030","url":"https://www.cve.org/CVERecord?id=CVE-2023-0030"},{"name":"CVE-2023-0179","url":"https://www.cve.org/CVERecord?id=CVE-2023-0179"},{"name":"CVE-2023-26607","url":"https://www.cve.org/CVERecord?id=CVE-2023-26607"},{"name":"CVE-2023-26605","url":"https://www.cve.org/CVERecord?id=CVE-2023-26605"},{"name":"CVE-2023-22995","url":"https://www.cve.org/CVERecord?id=CVE-2023-22995"},{"name":"CVE-2023-26544","url":"https://www.cve.org/CVERecord?id=CVE-2023-26544"},{"name":"CVE-2022-4139","url":"https://www.cve.org/CVERecord?id=CVE-2022-4139"}],"links":[],"reference":"CERTFR-2023-AVI-0399","revisions":[{"description":"Version initiale","revision_date":"2023-05-19T00:00:00.000000"}],"risks":[{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"D\u00e9ni de service"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits <span\nclass=\"textit\">NetApp HCI</span>. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0\nl'int\u00e9grit\u00e9 des donn\u00e9es et un d\u00e9ni de service.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp HCI","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230511-0003 du 17 mai 2023","url":"https://security.netapp.com/advisory/ntap-20230511-0003/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230331-0004 du 17 mai 2023","url":"https://security.netapp.com/advisory/ntap-20230331-0004/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230413-0010 du 17 mai 2023","url":"https://security.netapp.com/advisory/ntap-20230413-0010/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230309-0004 du 17 mai 2023","url":"https://security.netapp.com/advisory/ntap-20230309-0004/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230316-0010 du 17 mai 2023","url":"https://security.netapp.com/advisory/ntap-20230316-0010/"}]}