Oracle ZFS Storage Appliance Kit Vulnerability Allows High Privileged Attacker to Compromise Appliance
CVE-2024-21104
6.5MEDIUM
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 16 April 2024
Summary
A security vulnerability in the Oracle ZFS Storage Appliance Kit can be exploited by high-privileged attackers who have access to the infrastructure where the appliance runs. This vulnerability allows unauthorized actions, leading to potential takeover of the Oracle ZFS Storage Appliance Kit. Successful exploitation of this flaw necessitates human interaction from a user other than the attacker, highlighting a specific attack vector that could compromise the confidentiality, integrity, and availability of data managed by the appliance.
Affected Version(s)
Sun ZFS Storage Appliance Kit (AK) Software 8.8
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published