Unauthenticated Network Access Vulnerability in Oracle Sun ZFS Storage Appliance Kit
CVE-2018-2918

7.5HIGH

Key Information:

Vendor
Oracle
Status
Sun Zfs Storage Appliance Kit (ak) Software
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability exists in the Sun ZFS Storage Appliance Kit component of Oracle's Sun Systems Products Suite. This flaw permits an unauthenticated attacker with network access through multiple protocols to potentially compromise the appliance. Although successful exploitation necessitates interaction from a separate individual, it nonetheless exposes the appliance to possible takeover scenarios. Systems running versions prior to 8.7.18 are particularly susceptible to this vulnerability.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software < 8.7.18

References

http://www.securityfocus.com/bid/104783
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041303
vdb-entryx_refsource_SECTRACK

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.