Vulnerability in Solaris Cluster Component of Oracle Sun Systems Products Suite
CVE-2017-10234

7.3HIGH

Key Information:

Vendor

Oracle
Status
Solaris Cluster
Vendor
CVE Published:
8 August 2017

What is CVE-2017-10234?

A vulnerability exists in the Solaris Cluster component of Oracle Sun Systems Products Suite, specifically within the NAS device addition subcomponent. This flaw allows a low-privileged attacker who has logged onto the infrastructure where the Solaris Cluster operates to potentially compromise the system. The exploitation requires human interaction from a victim other than the attacker, making successful attacks reliant on social engineering or similar tactics. If exploited, this vulnerability could lead to significant access concerns, allowing unauthorized users to gain control over the Solaris Cluster. The incident emphasizes the importance of cautious access control and user interaction protocols.

Affected Version(s)

Solaris Cluster 4

References

http://www.securityfocus.com/bid/99859
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038937
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.