Oracle Integrated Lights Out Manager Vulnerability in Sun Systems Products Suite
CVE-2017-10260

7.5HIGH

Key Information:

Vendor: Oracle
Status: Ssm - (hot-tamale) Ilom: Integrated Lights Out Manager
Vendor: CVE Published:; 19 October 2017

Summary

A security vulnerability exists in the Oracle Integrated Lights Out Manager (ILOM) found in Oracle Sun Systems Products Suite. This flaw allows unauthenticated attackers with network access via HTTP to exploit the system, leading to the potential for unauthorized control over the ILOM. Successful exploitation may result in a denial of service, causing the ILOM to hang or crash repeatedly. Organizations using affected versions prior to 3.2.6 should address this vulnerability promptly to safeguard their systems.

Affected Version(s)

SSM - (hot-tamale) ILOM: Integrated Lights Out Manager < 3.2.6

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101426

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017