PatchSiren cyber security CVE debrief
CVE-2016-4341 Netapp CVE debrief
CVE-2016-4341 is a high-severity information disclosure affecting NetApp Clustered Data ONTAP. According to the NVD record, remote attackers can obtain SMB share information via unspecified vectors, and the issue is rated CVSS 3.0 7.5 (HIGH). The published record points to NetApp guidance for remediation and describes affected versions as Clustered Data ONTAP before 8.3.2P7.
- Vendor
- Netapp
- Product
- CVE-2016-4341
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-07
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-07
- Advisory updated
- 2026-05-13
Who should care
NetApp Clustered Data ONTAP administrators, storage teams managing SMB/CIFS services, and security teams responsible for protecting share metadata and access patterns in enterprise NAS environments.
Technical summary
The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). NVD describes it as a network-reachable issue with no privileges or user interaction required (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), meaning the primary impact is confidentiality. The NVD record references affected Clustered Data ONTAP versions and the vendor advisory indicates remediation at 8.3.2P7.
Defensive priority
High. The issue is remotely reachable, requires no authentication, and can expose SMB share information, which may aid reconnaissance or reveal sensitive storage topology and access details.
Recommended defensive actions
- Review NetApp advisory NTAP-20161028-0001 and confirm whether any Clustered Data ONTAP systems are in the affected range.
- Upgrade affected NetApp Clustered Data ONTAP systems to 8.3.2P7 or later, as indicated by the vulnerability description.
- Audit SMB share exposure and related access controls on NetApp appliances to reduce unnecessary information disclosure.
- Verify asset inventories for any Clustered Data ONTAP deployments that may be running versions mapped by NVD as vulnerable.
- Recheck the NVD and vendor advisory for any updated remediation guidance or version scope clarifications.
Evidence notes
The CVE record was published on 2017-02-07 and later modified on 2026-05-13; that later date reflects record maintenance, not the original issue date. The supplied NVD metadata describes the flaw as remote SMB share information disclosure, gives CVSS vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, and lists CWE-200. The vendor reference provided in the corpus is NetApp KB NTAP-20161028-0001. The supplied corpus also contains an NVD CPE mapping to clustered_data_ontap up to 8.3.2, while the narrative description says before 8.3.2P7; both are retained here as source-backed context without resolving the discrepancy beyond what the corpus states.
Official resources
-
CVE-2016-4341 CVE record
CVE.org
-
CVE-2016-4341 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
Publicly disclosed in the CVE/NVD record on 2017-02-07; the NVD entry was later modified on 2026-05-13.