Hey there,
One of our customers had a pentester onsite who found the following issues with the NetApp filers there.
RPC Enumeration discovered
By sending a DUMP request to the portmapper, it is possible to enumerate the RPC services running on the remote port. Using this information, an attacker can connect and bind to each service by sending an RPC request to the remote port and exploit the host.
nGuard recommends downloading the latest security patches from Microsoft.
Does anyone know what exactly the problem here is and if there are any tunables to change the behaviour on NetApp (Ontap9+) filers?
Thanks,
Alexander Griesser
Head of Systems Operations
ANEXIA Internetdienstleistungs GmbH
E-Mail: AGriesser@anexia-it.com
Headquarters address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601
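
What the DUMP reply in the quoted finding discloses, decoded as an added example that is not part of the original post: a parser for the portmapper version 2 DUMP reply format (RFC 1833), run over a constructed reply. The sample mappings, the `KNOWN_PROGRAMS` subset and the function names are assumptions for illustration.

```python
import struct

# Assumed subset of well-known ONC RPC program numbers, for labelling only.
KNOWN_PROGRAMS = {100000: "portmapper", 100003: "nfs", 100005: "mountd",
                  100021: "nlockmgr", 100024: "status"}
PROTOCOLS = {6: "tcp", 17: "udp"}

def _u32(data, off, count=1):
    """Read `count` big-endian XDR unsigned ints, failing cleanly on short data."""
    if off + 4 * count > len(data):
        raise ValueError("truncated DUMP reply")
    return struct.unpack_from(">%dI" % count, data, off)

def parse_dump_reply(data):
    """Decode a portmapper v2 DUMP reply into a list of mapping dicts."""
    _xid, msg_type, reply_stat, _flavor, verf_len = _u32(data, 0, 5)
    if msg_type != 1 or reply_stat != 0:      # REPLY, MSG_ACCEPTED
        raise ValueError("not an accepted RPC reply")
    off = 20 + ((verf_len + 3) & ~3)          # opaque verifier is 4-byte padded
    (accept_stat,) = _u32(data, off)
    if accept_stat != 0:                      # SUCCESS
        raise ValueError("portmapper rejected the call")
    off += 4
    mappings = []
    while _u32(data, off)[0]:                 # "value follows" flag
        prog, vers, prot, port = _u32(data, off + 4, 4)
        mappings.append({"program": prog,
                         "name": KNOWN_PROGRAMS.get(prog, "unknown"),
                         "version": vers,
                         "protocol": PROTOCOLS.get(prot, str(prot)),
                         "port": port})
        off += 20
    return mappings

def build_sample_reply():
    """Constructed reply for the demo; not captured from a real filer."""
    entries = [(100000, 2, 17, 111), (100003, 3, 6, 2049),
               (100005, 3, 6, 635), (100021, 4, 6, 4045)]
    header = struct.pack(">6I", 0x1234, 1, 0, 0, 0, 0)  # AUTH_NONE verifier
    body = b"".join(struct.pack(">5I", 1, *e) for e in entries)
    return header + body + struct.pack(">I", 0)         # 0 ends the list

if __name__ == "__main__":
    for m in parse_dump_reply(build_sample_reply()):
        print("%(name)-10s v%(version)d %(protocol)s/%(port)d" % m)
```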