PatchSiren cyber security CVE debrief
CVE-2016-6667 Netapp CVE debrief
CVE-2016-6667 is a critical remote code execution issue in NetApp OnCommand Unified Manager for Clustered Data ONTAP. The vulnerability is tied to a default privileged account and affects the 6.3, 6.4, and 6.4P1 release lines listed by NVD. Because the issue is network-reachable and rated 9.8, affected systems should be treated as urgent remediation candidates.
- Vendor
- Netapp
- Product
- CVE-2016-6667
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-07
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-07
- Advisory updated
- 2026-05-13
Who should care
Administrators and security teams responsible for NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3, 6.4, or 6.4P1 should prioritize this issue, especially if the management interface is reachable from networks outside a tightly controlled admin segment.
Technical summary
NVD describes the flaw as a default privileged account in NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 that allows remote attackers to execute arbitrary code via unspecified vectors. The NVD CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a remotely exploitable issue with no privileges or user interaction required and full confidentiality, integrity, and availability impact.
Defensive priority
CRITICAL: This is a remotely exploitable, no-authentication RCE with maximum CVSS impact. Systems matching the affected versions should be remediated immediately or isolated until patched.
Recommended defensive actions
- Confirm whether any instance of NetApp OnCommand Unified Manager for Clustered Data ONTAP is running version 6.3, 6.4, or 6.4P1.
- Apply the NetApp vendor advisory and patch guidance referenced in NTAP-20161017-0002.
- Review whether any default privileged account remains enabled and follow vendor remediation steps to remove or secure it.
- Restrict access to the management interface to trusted administrative networks until remediation is complete.
- Monitor authentication, privilege-use, and code-execution-related logs for unexpected activity on affected systems.
Evidence notes
Evidence comes from the NVD record and the linked NetApp advisory. The NVD entry identifies the affected CPEs as NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3, 6.4, and 6.4P1, and classifies the issue as network-exploitable with no privileges or user interaction required. The source references point to NetApp advisory NTAP-20161017-0002. The exact exploitation vector is marked unspecified in the description, so remediation guidance should stay aligned to vendor instructions rather than inferred attack detail.
Official resources
-
CVE-2016-6667 CVE record
CVE.org
-
CVE-2016-6667 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
Publicly disclosed in the NVD/CVE record on 2017-02-07; the NVD record was last modified on 2026-05-13.