CVE-2016-3997 — Clustered Data Ontap vulnerability

CWE-2543 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 37.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Clustered Data Ontap

Timeline

PublishedJul 3

Latest updateMay 17

Description

NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

▶NVDnetapp/clustered_data_ontap8.3.1

🔴Vulnerability Details

GHSA

GHSA-jw46-7j4p-g2rv: NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by lever↗2022-05-17

▶

CVEList

CVE-2016-3997: NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by lever↗2017-07-03

▶