PatchSiren cyber security CVE debrief
CVE-2016-5374 Netapp CVE debrief
CVE-2016-5374 is a high-severity access-control issue in NetApp Data ONTAP affecting SMB-hosted data. According to the CVE description, a remote authenticated user who owns SMB-hosted data can bypass intended sharing restrictions because of improper handling of the owner_rights ACL entry. The vulnerability was published on 2017-03-01, and the supplied NVD record identifies affected Data ONTAP 9.0 and 9.1 systems before 9.1P1.
- Vendor
- Netapp
- Product
- CVE-2016-5374
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-03-01
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-03-01
- Advisory updated
- 2026-05-13
Who should care
Storage administrators, NetApp Data ONTAP operators, and security teams responsible for SMB file sharing and ACL governance should prioritize this issue, especially where users own shared SMB data and access restrictions depend on owner_rights behavior.
Technical summary
The flaw is an authorization bypass tied to SMB access control handling in Data ONTAP. The CVE description states that the product improperly processes the owner_rights ACL entry, allowing a remote authenticated user who owns SMB-hosted data to bypass sharing restrictions. NVD lists the affected CPEs as NetApp Data ONTAP 9.0 and 9.1, and the CVSS vector indicates network attackability with low attack complexity, low privileges required, no user interaction, and high confidentiality, integrity, and availability impact.
Defensive priority
High. This is an authenticated network-accessible authorization weakness affecting access control boundaries for shared data. Systems running the affected Data ONTAP versions should be reviewed and updated promptly.
Recommended defensive actions
- Upgrade NetApp Data ONTAP to 9.1P1 or a later fixed release referenced by the vendor advisory.
- Review SMB share permissions and ACL configurations for data sets where owner_rights is used.
- Audit user accounts that own SMB-hosted data and verify that access controls behave as intended after patching.
- Confirm remediation against the NetApp vendor advisory and the NVD entry before returning affected systems to service.
- If immediate patching is not possible, restrict exposure of affected SMB shares and limit authenticated users to the minimum necessary access.
Evidence notes
The debrief is based on the CVE description, NVD CPE data, and the vendor advisory referenced in the supplied record. The supplied source states that Data ONTAP 9.0 and 9.1 before 9.1P1 are affected, and that the issue involves improper handling of the owner_rights ACL entry. No exploit details or unsupported environmental assumptions are included.
Official resources
-
CVE-2016-5374 CVE record
CVE.org
-
CVE-2016-5374 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
Publicly disclosed in the CVE/NVD record on 2017-03-01. The supplied data includes a NetApp vendor advisory reference and no Known Exploited Vulnerabilities (KEV) listing.