CVE-2022-23233

7.5 HIGH

📋 TL;DR

This vulnerability in NetApp StorageGRID allows attackers to cause a Denial of Service (DoS) by targeting the Local Distribution Router (LDR) service. Successful exploitation could disrupt grid operations and data access. Organizations running StorageGRID versions before 11.6.0 are affected.

💻 Affected Systems

Products:
  • NetApp StorageGRID (formerly StorageGRID Webscale)
Versions: All versions prior to 11.6.0
Operating Systems: StorageGRID appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: All StorageGRID deployments with LDR service enabled are vulnerable in affected versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete disruption of StorageGRID grid operations, making stored data inaccessible and potentially impacting dependent applications and services.

🟠 Likely Case

Local Distribution Router service becomes unresponsive, causing grid communication failures and degraded performance until service restart.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and service restoration.

🌐 Internet-Facing: MEDIUM - While the LDR service typically isn't internet-facing, misconfigurations or exposed management interfaces could increase risk.
🏢 Internal Only: HIGH - The LDR service is critical for internal grid communication, making internal exploitation highly disruptive.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The advisory suggests exploitation is possible without authentication, but specific exploit details are not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.6.0 and later

Vendor Advisory: https://security.netapp.com/advisory/NTAP-20220303-0010/

Restart Required: Yes

Instructions:

1. Back up StorageGRID configuration and data.
2. Upgrade to StorageGRID 11.6.0 or later following NetApp upgrade procedures.
3. Verify LDR service functionality post-upgrade.
4. Monitor for any service disruptions.

🔧 Temporary Workarounds

Network Segmentation

Platforms: all

Restrict network access to StorageGRID LDR service ports to trusted management networks only.

Service Monitoring

Platforms: all

Implement enhanced monitoring and alerting for LDR service health, and restart the service automatically if failures occur.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the LDR service ports
  • Deploy additional monitoring with automated alerting for LDR service failures

🔍 How to Verify

Check if Vulnerable:

Check StorageGRID version via Admin Node UI or CLI. Versions below 11.6.0 are vulnerable.

Check Version:

ssh admin@storagegrid-node 'sudo grid-config --version'

Verify Fix Applied:

Confirm version is 11.6.0 or higher and verify LDR service is running normally without disruptions.
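
The version check above can be applied to every node in a grid at once. The script below is an added example, not NetApp's or this page's own code: it classifies each node against the 11.6.0 threshold, comparing fields numerically so that 11.10 sorts above 11.6. The inventory format, hostnames and function names are assumptions, and the version strings are expected to have been collected beforehand.

```shell
#!/bin/sh
# Added example: triage node versions against the fixed release (11.6.0).
FIXED_VERSION="11.6.0"

# version_lt A B: succeed if dotted numeric version A is lower than B.
# Fields are compared as integers; missing fields count as 0 (11.6 == 11.6.0).
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        x="${x:-0}"; y="${y:-0}"
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal to the fixed release
}

# classify_version V: print VULNERABLE, FIXED, or UNKNOWN (unparseable input).
classify_version() {
    v="$1"
    case "$v" in
        ""|*[!0-9.]*|.*|*.|*..*) echo "UNKNOWN"; return 0 ;;
    esac
    if version_lt "$v" "$FIXED_VERSION"; then echo "VULNERABLE"; else echo "FIXED"; fi
}

# triage_inventory: read "node version" lines on stdin, print one status per
# node, and return non-zero if any node is not confirmed fixed.
triage_inventory() {
    rc=0
    while read -r node ver rest; do
        case "$node" in ""|\#*) continue ;; esac
        status="$(classify_version "$ver")"
        printf '%-10s %-10s %s\n' "$node" "${ver:--}" "$status"
        [ "$status" = "FIXED" ] || rc=1
    done
    return "$rc"
}

# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY='dc1-adm1 11.5.0.4
dc1-sn1 11.6.0
dc1-sn2 11.6.0.2
dc2-sn1 11.10.1
dc2-sn2 unknown'

printf '%s\n' "$SAMPLE_INVENTORY" | triage_inventory ||
    echo "One or more nodes are below $FIXED_VERSION or could not be parsed."
```

Nodes reported as UNKNOWN should be checked by hand rather than assumed fixed.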

📡 Detection & Monitoring

Log Indicators:

  • LDR service crash logs
  • Increased error rates in grid communication logs
  • Service restart events in system logs

Network Indicators:

  • Unusual traffic patterns to LDR service ports
  • Failed grid node communication attempts

SIEM Query:

source="storagegrid" AND ("LDR service" OR "Local Distribution Router") AND (error OR crash OR restart)
