StorNext UUI Graphite Port 7003 Security Update

SUMMARY

A medium-severity vulnerability has been identified in the Unified User Interface (UUI) shipped with StorNext versions 7.0 and 7.1.

Port 7003 is a development port used for testing statistics and graphing functionality. Exposure is limited to reading Graphite statistical data with a default userid and password. The exposure does not allow access to any system configurations or user data, and the port can be closed by customer support.

This security update addresses the vulnerability by removing the open port 7003.

 

VULNERABLE QUANTUM PRODUCTS

These versions of the following Quantum products may be vulnerable if not updated:

Port 7003 is no longer exposed in UUI starting with upcoming StorNext version 7.2.0 and higher.

How can I tell which version of StorNext UUI I have?

Open the UUI, navigate to the About menu item, and check Version under the Unified User Interface Server section.

 

IMPACT

Exposure is limited to reading the Graphite statistical data that the UUI uses for graphs, with a default userid and password. It does not allow access to any system configurations or user data.

 

SOLUTION

You can remove port 7003 from the UUI since it is not needed.
To remove port 7003:

On MDC node 2, first save a copy of the UUI configuration file:

Next edit /opt/quantum/graphite/graphite/docker-compose.yml and remove the line with this content:

After that, restart the UUI graphite service by running this command on MDC node 2:
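
Added verification example (not part of Quantum's procedure or code): after editing the compose file, a check like the one below confirms that no entry still publishes host port 7003. The function names and the sample compose content are constructed for illustration; on the MDC node the file argument would be /opt/quantum/graphite/graphite/docker-compose.yml.

```shell
#!/bin/sh
# Added example: report compose-file lines that publish a given host port.
# Handles short ("7003:80", "ip:7003:80/tcp") and long ("published: 7003")
# port syntax; port ranges are not expanded.
published_port_lines() {   # usage: published_port_lines FILE PORT
    awk -v port="$2" -v q="'" '
    {
        line = $0
        if (line ~ /^[ \t]*#/) next               # whole-line comment
        sub(/[ \t]+#.*$/, "", line); sub(/[ \t]+$/, "", line)
        if (line ~ /^[ \t]*ports:$/) { in_ports = 1; next }
        if (!in_ports || line ~ /^[ \t]*$/) next
        item = (line ~ /^[ \t]*-/)                # list entry under ports:
        sub(/^[ \t]*-?[ \t]*/, "", line)
        gsub(/"/, "", line); gsub(q, "", line)    # drop quoting
        if (!item && line !~ /^(target|published|protocol|mode|host_ip):/) {
            in_ports = 0; next                    # next key ends the block
        }
        host = ""
        if (line ~ /^published:/) {               # long syntax
            host = line; sub(/^published:[ \t]*/, "", host)
        } else if (item) {                        # short syntax
            sub(/\/.*$/, "", line)                # strip /tcp or /udp
            n = split(line, f, ":")
            if (n >= 2) host = f[n - 1]           # [ip:]HOST:CONTAINER
        }
        if ((host "") == (port "")) { print NR ": " $0; found = 1 }
    }
    END { exit !found }' "$1"
}
# Constructed sample; not the content of the real StorNext file.
write_sample() {
    cat > "$1" <<'EOF'
services:
  graphite:
    image: example/graphite
    ports:
      - "8080:80"
      - "7003:7003"
      - 127.0.0.1:7003:80/tcp
      - target: 80
        published: 7003
      - "7003"
    volumes:
      - /data/7003:/x
EOF
}
sample=$(mktemp) && write_sample "$sample"
published_port_lines "$sample" 7003    # matches on sample lines 6, 7 and 9
rm -f "$sample"
```

The function exits non-zero when nothing publishes the port, so an empty result with a failing status is the expected outcome once the mapping has been removed.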

 

CONTACT INFORMATION

Submit a Support Ticket on the MyQuantum portal: https://myservices.quantum.com/

Contact Support via telephone:

For additional contact information, go to http://www.quantum.com/serviceandsupport/get-help/index.aspx#contact-support