Unauthenticated Network Access Vulnerability in Oracle Sun ZFS Storage Appliance Kit
CVE-2018-2918
7.5HIGH
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 18 July 2018
Summary
A vulnerability exists in the Sun ZFS Storage Appliance Kit component of Oracle's Sun Systems Products Suite. This flaw permits an unauthenticated attacker with network access through multiple protocols to potentially compromise the appliance. Although successful exploitation necessitates interaction from a separate individual, it nonetheless exposes the appliance to possible takeover scenarios. Systems running versions prior to 8.7.18 are particularly susceptible to this vulnerability.
Affected Version(s)
Sun ZFS Storage Appliance Kit (AK) Software < 8.7.18
References
EPSS Score
6% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved