CVE-2016-3997 - NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain

CVE-2016-3997

Summary

NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.

References

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063
https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products

Vulnerable Configurations

cpe:2.3:a:netapp:clustered_data_ontap:8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:8.3.1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 05-07-2017 - 16:35)
Impact:
Exploitability:

CWE

CWE-254

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

confirm

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063
https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products

Last major update

05-07-2017 - 16:35

Published

03-07-2017 - 16:29

Last modified

05-07-2017 - 16:35