Unauthenticated Remote Code Execution Vulnerability in Oracle Solaris Cluster
CVE-2018-2930

9.8CRITICAL

Key Information:

Vendor
Oracle
Status
Solaris Cluster
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability exists in the Solaris Cluster component of Oracle Sun Systems Products Suite that allows an unauthenticated attacker with network access via RPC to compromise the system. Affected versions, including 3.3 and 4.3, can be exploited easily, potentially resulting in complete control over the Solaris Cluster environment. This vulnerability poses serious risks to confidentiality, integrity, and availability.

Affected Version(s)

Solaris Cluster 3.3

Solaris Cluster 4.3

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041303
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104777
vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.