PatchSiren cyber security CVE debrief
CVE-2017-5995 Netapp CVE debrief
CVE-2017-5995 is a high-severity information disclosure issue in NetApp ONTAP Select Deploy administration utility versions 2.0 through 2.2.1. The public record says remote attackers may obtain sensitive information via unspecified vectors. NVD assigns CVSS 3.1 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), which points to a network-reachable confidentiality impact with no listed integrity or availability impact. Defenders should treat exposed Deploy administration services as a sensitive management-plane risk and verify whether any affected versions are present.
- Vendor: Netapp
- Product: CVE-2017-5995
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-03-01
- Original CVE updated: 2026-05-13
- Advisory published: 2017-03-01
- Advisory updated: 2026-05-13
Who should care
NetApp ONTAP Select Deploy operators, storage and virtualization administrators, and security teams responsible for network-reachable management services, especially where versions 2.0, 2.1, 2.2, or 2.2.1 are in use.
Technical summary
NVD maps the vulnerability to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The affected CPE criteria list ONTAP Select Deploy administration utility versions 2.0, 2.1, 2.2, and 2.2.1. The record describes the issue as allowing remote attackers to obtain sensitive information through unspecified vectors. Because the CVSS vector shows no privileges or user interaction required, exposure of the management surface is the central concern.
Defensive priority
High. The issue is network-accessible, requires no privileges or user interaction, and has a high confidentiality impact. Although it is not listed here as a Known Exploited Vulnerability, it should still be prioritized for exposure reduction and vendor-guided remediation.
Recommended defensive actions
- Inventory NetApp ONTAP Select Deploy administration utility instances and confirm whether any of them run an affected version (2.0 through 2.2.1).
- Apply the NetApp vendor-advised fix or mitigation referenced in the CVE record.
- Restrict access to the Deploy administration interface to trusted administrative networks, VPNs, or jump hosts.
- Review logs and access records for unexpected access to the administration utility or associated sensitive data.
- If immediate remediation is not possible, apply compensating controls such as segmentation and strict firewall rules around the management service.
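The inventory step above can be scripted. The following is an added example, not NetApp tooling or code from the CVE record: it compares version strings numerically against the 2.0 through 2.2.1 range stated on this page and routes anything it cannot parse to manual review. The host names, the sample versions and the function names are constructed for illustration.

```python
import re

# Affected range as stated on this page: 2.0 through 2.2.1, inclusive.
AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 2, 1)

def parse_version(text):
    """Return a 3-part numeric tuple, or None if text is not a plain dotted version."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+){0,2})\s*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # "2.2" compares as 2.2.0

def classify(version_text):
    """'affected', 'not-in-range', or 'review' when the string cannot be parsed."""
    v = parse_version(version_text)
    if v is None:
        # Never assume an unparseable version is safe; a human should look at it.
        return "review"
    # Tuple comparison is numeric per component, so 2.10 sorts above 2.2.1.
    return "affected" if AFFECTED_MIN <= v <= AFFECTED_MAX else "not-in-range"

def triage(inventory):
    """Group hosts by status. inventory is an iterable of (host, version) pairs."""
    result = {"affected": [], "not-in-range": [], "review": []}
    for host, version in inventory:
        result[classify(version)].append(host)
    return result

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("deploy-lab-01", "2.0"),
    ("deploy-prod-01", "2.2.1"),
    ("deploy-prod-02", "2.10"),     # a string comparison would wrongly place this below 2.2.1
    ("deploy-dr-01", "2.3"),
    ("deploy-old-01", "1.9"),
    ("deploy-test-01", "2.2.1P1"),  # unexpected suffix: send to manual review
    ("deploy-test-02", ""),         # version missing from the inventory
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

A "not-in-range" result only means the version falls outside the range this page lists; confirm fix status against the vendor advisory.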
Evidence notes
The supplied NVD record identifies affected versions 2.0 through 2.2.1, assigns CVSS 3.1 7.5/High, and maps the weakness to CWE-200. The public description states that remote attackers may obtain sensitive information via unspecified vectors. The record also includes a NetApp vendor advisory reference and a third-party SecurityFocus reference.
Official resources
- CVE-2017-5995 CVE record (CVE.org)
- CVE-2017-5995 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Vendor Advisory
Published in the CVE record on 2017-03-01. The NVD metadata was later modified on 2026-05-13; that modification date is not the original disclosure date.