Details of VAR-201207-0147

ID

VAR-201207-0147

CVE

CVE-2012-3128

TITLE

Oracle SPARC T Series server firmware Integrated Lights Out Manager Processing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-003203

DESCRIPTION

Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager. (DoS) An attack may be carried out. Oracle Sun Products Suite is prone to a local vulnerability in SPARC T-Series Servers. The 'Integrated Lights Out Manager' sub component is affected. This vulnerability affects the following supported versions: System Firmware 8.1.4.e or earlier, System Firmware 8.2.0

Trust: 1.98

sources: NVD: CVE-2012-3128 // JVNDB: JVNDB-2012-003203 // BID: 54564 // VULHUB: VHN-56409

AFFECTED PRODUCTS

vendor:	oracle	model:	sparc t-series server	scope:	eq	version:	8.2.0	Trust: 1.6
vendor:	oracle	model:	netra sparc t3-1	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	sparc t3-1b	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	sparc t3-2	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	netra sparc t4-1	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	sparc t3-1	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	sparc t4-1b	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	netra sparc t4-1b	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	netra sparc t3-1b	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	sparc t-series server	scope:	lte	version:	8.1.4e	Trust: 1.0
vendor:	oracle	model:	sparc t3-4	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	sparc t4-4	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	sparc t4-2	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	sparc t4-1	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	netra sparc t4-2	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	netra sparc t3-1	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	netra sparc t3-1b	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	netra sparc t4-1	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	netra sparc t4-1b	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	netra sparc t4-2	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc t series server	scope:	lte	version:	8.1.4.e	Trust: 0.8
vendor:	oracle	model:	sparc t series server	scope:	eq	version:	8.2.0	Trust: 0.8
vendor:	oracle	model:	sparc t3-1	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc t3-1b	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc t3-2	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc t3-4	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc t4-1	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc t4-1b	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc t4-2	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc t4-4	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc t-series server	scope:	eq	version:	8.1.4e	Trust: 0.6
vendor:	sun	model:	sparc t3-4	scope:	eq	version:	0	Trust: 0.3
vendor:	sun	model:	sparc t3-2	scope:	eq	version:	0	Trust: 0.3
vendor:	sun	model:	sparc t3-1b	scope:	eq	version:	0	Trust: 0.3
vendor:	sun	model:	sparc t3-1	scope:	eq	version:	0	Trust: 0.3
vendor:	sun	model:	netra sparc t3-1b	scope:	eq	version:	0	Trust: 0.3
vendor:	sun	model:	netra sparc t3-1	scope:	eq	version:	0	Trust: 0.3

sources: BID: 54564 // JVNDB: JVNDB-2012-003203 // CNNVD: CNNVD-201207-336 // NVD: CVE-2012-3128

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3128
value:	LOW
Trust: 1.0
NVD:	CVE-2012-3128
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201207-336
value:	LOW
Trust: 0.6
VULHUB:	VHN-56409
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2012-3128
severity:	LOW
baseScore:	3.7
vectorString:	AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	1.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56409
severity:	LOW
baseScore:	3.7
vectorString:	AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	1.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56409 // JVNDB: JVNDB-2012-003203 // CNNVD: CNNVD-201207-336 // NVD: CVE-2012-3128

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3128

THREAT TYPE

local

Trust: 0.9

sources: BID: 54564 // CNNVD: CNNVD-201207-336

TYPE

Unknown

Trust: 0.3

sources: BID: 54564

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003203

PATCH

title:	Text Form of Oracle Critical Patch Update - July 2012 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - July 2012	url:	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html	Trust: 0.8
title:	July 2012 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/july_2012_critical_patch_update	Trust: 0.8

sources: JVNDB: JVNDB-2012-003203

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3128	Trust: 2.8
db:	BID	id:	54564	Trust: 1.4
db:	SECTRACK	id:	1027275	Trust: 1.1
db:	OSVDB	id:	83973	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-003203	Trust: 0.8
db:	CNNVD	id:	CNNVD-201207-336	Trust: 0.7
db:	NSFOCUS	id:	20025	Trust: 0.6
db:	VULHUB	id:	VHN-56409	Trust: 0.1

sources: VULHUB: VHN-56409 // BID: 54564 // JVNDB: JVNDB-2012-003203 // CNNVD: CNNVD-201207-336 // NVD: CVE-2012-3128

REFERENCES

url:	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/54564	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2013:150	Trust: 1.1
url:	http://osvdb.org/83973	Trust: 1.1
url:	http://www.securitytracker.com/id?1027275	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/77057	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3128	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3128	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20025	Trust: 0.6

sources: VULHUB: VHN-56409 // JVNDB: JVNDB-2012-003203 // CNNVD: CNNVD-201207-336 // NVD: CVE-2012-3128

CREDITS

Oracle

Trust: 0.3

sources: BID: 54564

SOURCES

db:	VULHUB	id:	VHN-56409
db:	BID	id:	54564
db:	JVNDB	id:	JVNDB-2012-003203
db:	CNNVD	id:	CNNVD-201207-336
db:	NVD	id:	CVE-2012-3128

LAST UPDATE DATE

2024-11-23T22:53:32.041000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56409	date:	2017-08-29T00:00:00
db:	BID	id:	54564	date:	2013-10-09T02:55:00
db:	JVNDB	id:	JVNDB-2012-003203	date:	2012-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201207-336	date:	2012-07-18T00:00:00
db:	NVD	id:	CVE-2012-3128	date:	2024-11-21T01:40:15.553

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56409	date:	2012-07-17T00:00:00
db:	BID	id:	54564	date:	2012-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2012-003203	date:	2012-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201207-336	date:	2012-07-18T00:00:00
db:	NVD	id:	CVE-2012-3128	date:	2012-07-17T23:55:03.567