CVE-2016-6667

CRITICAL

NetApp OnCommand Unified Manager - RCE

Title source: llm
STIX 2.1

Description

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://kb.netapp.com/support/s/article/NTAP-20161017-0002

Scores

CVSS v3 9.8
EPSS 0.0295
EPSS Percentile 85.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
netapp/oncommand_unified_manager_for_clustered_data_ontap 6.3
netapp/oncommand_unified_manager_for_clustered_data_ontap 6.4 (2 CPE variants)
Published Feb 07, 2017
Tracked Since Feb 18, 2026