We use Tenable for vulnerability scanning. I noticed today it flagged our 3PARs with a critical vulnerability.
Unix Operating System Unsupported Version Detection (33850)
The output of the vulnerability doesnt make sense:
Debian 7.0 support ended on 2016-04-26 end of regular support / 2018-05-01 (end of long-term support for Wheezy-LTS).
Upgrade to Debian Linux 9.x ("Stretch").
For more information, see : http://www.debian.org/releases/
Im using 3.2.2 MU4 on all of my 3PARs. Would upgrading the 3PAR OS clear this or am I missing something? Not really sure an O/S upgrade would change the underlying OS to the degree the vulnerability mentions.
Anyone have thoughts?
3PARs getting flagged by Tenable scanner
Re: 3PARs getting flagged by Tenable scanner
I'm curious. Does your Tenable scanner login to your array using administrative privileges? (3paradm). Our security folks wanted to be able to scan our array, but I was a little nervous about allowing the scanner to login and muck around inside the array. Sounded like asking for trouble.
Re: 3PARs getting flagged by Tenable scanner
Just an update on this from HP. Turns out its a known issue which is fixed in 3.3.1 MU3.
Looks like I need to get my arrays upgraded.
It's ID: 231311
Page 175 in the HPE 3PAR OS 3.3.1 GA/EGA/MU1/MU2/MU3 Release Notes.
Just in case anyone else encounters it.
Looks like I need to get my arrays upgraded.
It's ID: 231311
Page 175 in the HPE 3PAR OS 3.3.1 GA/EGA/MU1/MU2/MU3 Release Notes.
Just in case anyone else encounters it.