Vulnerability in Oracle Sun Systems Products Suite's Remote Console Application
CVE-2018-2566

7.7HIGH

Key Information:

Vendor
Oracle
Status
Ssm - (hot-tamale) Ilom: Integrated Lights Out Manager
Vendor
CVE Published:
18 January 2018

Summary

The vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite allows low privileged attackers with network access via TLS to exploit the system. While direct exploitation is notably challenging and requires human interaction from a separate user, successful attacks can lead to unauthorized alteration or deletion of critical data within ILOM. Additionally, the potential to gain full access to all data managed by the ILOM poses significant risks, potentially impacting other associated products. Addressing this vulnerability is crucial to safeguarding sensitive information against unauthorized access.

Affected Version(s)

SSM - (hot-tamale) ILOM: Integrated Lights Out Manager 3.x

SSM - (hot-tamale) ILOM: Integrated Lights Out Manager 4.x

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102603
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040205
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.