Thanks for all your feedback – this was my assumption too, just wanted to get some more „votes“ on the false positive idea.
Best,
Alexander Griesser
Head of Systems Operations
ANEXIA Internetdienstleistungs GmbH
E-Mail:
AGriesser@anexia-it.com
Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Geschäftsführer: Alexander Windbichler
Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
Von: Parisi, Justin <Justin.Parisi@netapp.com>
Gesendet: Mittwoch, 24. Juli 2019 15:09
An: Tim McCarthy <tmacmd@gmail.com>; Alexander Griesser <AGriesser@anexia-it.com>; Toasters <toasters@teaparty.net>
Betreff: RE: RPC Enumeration security finding
These scans generally look for common ports when notifying for vulnerabilities. SMB uses the same ports on Windows and ONTAP. But ONTAP doesn’t have the same codeline as Microsoft, so this issue won’t apply.
From:
toasters-bounces@teaparty.net <toasters-bounces@teaparty.net>
On Behalf Of Tim McCarthy
Sent: Wednesday, July 24, 2019 7:22 AM
To: Alexander Windbichler <AGriesser@anexia-it.com>; Toasters <toasters@teaparty.net>
Subject: Re: RPC Enumeration security finding
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless
you recognize the sender and know the content is safe. |
I would say....
Yeah sure that would affect a MICROSOFT box. However this is A FALSE POSITIVE as the target of inquiry is a NetApp ONTAP box and the diagnosis clearly thinks it is Microsoft
Get Outlook for iOS
From:
toasters-bounces@teaparty.net on behalf of Alexander Griesser <agriesser@anexia-it.com>
Sent: Wednesday, July 24, 2019 12:51 AM
To: Toasters
Subject: RPC Enumeration security finding
Hey there,
One of our customers had a pentester onsite who found the following issues with the NetApp filers there.
RPC Enumeration discovered
By sending a DUMP request to the portmapper, it is possible to enumerate the RPC services running on the remote port. Using this information, an
attacker can connect and bind to each service by sending an RPC request to the remote port and exploit the host. |
nGuard recommends downloading the latest security patches from Microsoft. |
Does anyone know what exactly the problem here is and if there are any tunables to change the behaviour on NetApp (Ontap9+) filers?
Thanks,
Alexander Griesser
Head of Systems Operations
ANEXIA Internetdienstleistungs GmbH
E-Mail:
AGriesser@anexia-it.com
Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Geschäftsführer: Alexander Windbichler
Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601