CVE-2016-3400 - OpenCVE

NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	Data Ontap

Configuration 1 [-]

OR	cpe:2.3:a:netapp:data_ontap:8.1:::::::*
	cpe:2.3:a:netapp:data_ontap:8.2:::::::*

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063	Third Party Advisory
http://www.securityfocus.com/bid/99101	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/113589	Third Party Advisory
https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-03T16:00:00

Updated: 2017-08-30T15:57:01

Reserved: 2016-03-17T00:00:00

Link: CVE-2016-3400

JSON object: View

NVD Information

Status : Modified

Published: 2017-07-03T16:29:00.183

Modified: 2017-08-31T01:29:00.757

Link: CVE-2016-3400

JSON object: View

Redhat Information

No data.

CWE

CWE-254

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-04-12T00:00:00", "descriptions": [{"lang": "en", "value": "NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-30T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "99101", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99101"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3400", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "99101", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99101"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063"}, {"name": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products", "refsource": "CONFIRM", "url": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3400", "datePublished": "2017-07-03T16:00:00", "dateReserved": "2016-03-17T00:00:00", "dateUpdated": "2017-08-30T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:data_ontap:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D4BF8FF-10D1-47B5-9AC9-A88DA01227BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:data_ontap:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "096A9368-FC0F-4D4A-AB3B-9E5ABDB28D37", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol."}, {"lang": "es", "value": "Data ONTAP versiones 8.1 y 8.2 de NetApp, cuando operan en modo 7, permiten a atacantes de tipo man-in-the-middle obtener informaci\u00f3n confidencial, alcanzar privilegios o causar una denegaci\u00f3n de servicio por medio de vectores relacionados con el protocolo SMB."}], "id": "CVE-2016-3400", "lastModified": "2017-08-31T01:29:00.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-03T16:29:00.183", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99101"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}