Security Flaw in Oracle Sun Systems ILOM Remote Console Application
CVE-2018-2568

7.3HIGH

Key Information:

Vendor
Oracle
Status
Ssm - (hot-tamale) Ilom: Integrated Lights Out Manager
Vendor
CVE Published:
18 January 2018

Summary

The Integrated Lights Out Manager (ILOM) in Oracle Sun Systems Products Suite possesses a security flaw that enables unauthenticated attackers with network access via TLS to compromise the ILOM. This vulnerability allows attackers to gain unauthorized access to data by enabling update, insert, or delete capabilities for ILOM accessible data. Additionally, it grants unauthorized read access, and could lead to a partial denial of service (DoS). Users of ILOM versions 3.x and 4.x are especially vulnerable, as exploitation can significantly compromise system integrity and availability.

Affected Version(s)

SSM - (hot-tamale) ILOM: Integrated Lights Out Manager 3.x

SSM - (hot-tamale) ILOM: Integrated Lights Out Manager 4.x

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040205
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102606
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.