I would say....
Yeah sure that would affect a MICROSOFT box. However this is A FALSE POSITIVE as the target of inquiry is a NetApp ONTAP box and the diagnosis clearly thinks it is Microsoft
Get Outlook for iOShttps://aka.ms/o0ukef
________________________________ From: toasters-bounces@teaparty.net on behalf of Alexander Griesser agriesser@anexia-it.com Sent: Wednesday, July 24, 2019 12:51 AM To: Toasters Subject: RPC Enumeration security finding
Hey there,
One of our customers had a pentester onsite who found the following issues with the NetApp filers there.
RPC Enumeration discovered By sending a DUMP request to the portmapper, it is possible to enumerate the RPC services running on the remote port. Using this information, an attacker can connect and bind to each service by sending an RPC request to the remote port and exploit the host.
Note: Specific Target IPs are included in the "Detailed IP List." nGuard recommends downloading the latest security patches from Microsoft.
Does anyone know what exactly the problem here is and if there are any tunables to change the behaviour on NetApp (Ontap9+) filers?
Thanks,
Alexander Griesser Head of Systems Operations
ANEXIA Internetdienstleistungs GmbH
E-Mail: AGriesser@anexia-it.commailto:AGriesser@anexia-it.com Web: http://www.anexia-it.comhttp://www.anexia-it.com/
Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601