CVE-2016-6667

critical

Published 2017-02-07 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

9.8

Description

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://kb.netapp.com/support/s/article/NTAP-20161017-0002

Application impact

Vendor	Product	Versions	Fixed
netapp	oncommand_unified_manager_for_clustered_data_ontap	`6.3`
netapp	oncommand_unified_manager_for_clustered_data_ontap	`6.4`

References

https://kb.netapp.com/support/s/article/NTAP-20161017-0002
https://kb.netapp.com/support/s/article/NTAP-20161017-0002

Verify integrity in audit chain (admin only). AS-IS.