ID

VAR-201710-0749


CVE

CVE-2017-10194


TITLE

Oracle Sun Systems Products Suite of Oracle Integrated Lights Out Manager In System Management Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-008675

DESCRIPTION

Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). The vulnerability can be exploited over the 'HTTP' protocol. Attackers can take advantage of this vulnerability to read data without authorization, affecting the confidentiality of data

Trust: 2.07

sources: NVD: CVE-2017-10194 // JVNDB: JVNDB-2017-008675 // BID: 101445 // VULHUB: VHN-100492 // VULMON: CVE-2017-10194

AFFECTED PRODUCTS

vendor:oraclemodel:integrated lights out managerscope:lteversion:3.2.5

Trust: 1.0

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2.5

Trust: 0.9

vendor:oraclemodel:integrated lights out managerscope:ltversion:3.2.6

Trust: 0.8

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2.4

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2.3

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.1

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.0

Trust: 0.3

sources: BID: 101445 // JVNDB: JVNDB-2017-008675 // CNNVD: CNNVD-201710-841 // NVD: CVE-2017-10194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10194
value: LOW

Trust: 1.0

NVD: CVE-2017-10194
value: LOW

Trust: 0.8

CNNVD: CNNVD-201710-841
value: MEDIUM

Trust: 0.6

VULHUB: VHN-100492
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-10194
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10194
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-100492
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10194
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-100492 // VULMON: CVE-2017-10194 // JVNDB: JVNDB-2017-008675 // CNNVD: CNNVD-201710-841 // NVD: CVE-2017-10194

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-100492 // JVNDB: JVNDB-2017-008675 // NVD: CVE-2017-10194

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-841

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201710-841

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008675

PATCH

title:Oracle Critical Patch Update Advisory - October 2017url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - October 2017 Risk Matricesurl:http://www.oracle.com/technetwork/security-advisory/cpuoct2017verbose-3236627.html

Trust: 0.8

title:Oracle Sun Systems Products Suite Oracle Integrated Lights Out Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75825

Trust: 0.6

title:Oracle: Oracle Critical Patch Update Advisory - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a

Trust: 0.1

sources: VULMON: CVE-2017-10194 // JVNDB: JVNDB-2017-008675 // CNNVD: CNNVD-201710-841

EXTERNAL IDS

db:NVDid:CVE-2017-10194

Trust: 2.9

db:BIDid:101445

Trust: 1.5

db:JVNDBid:JVNDB-2017-008675

Trust: 0.8

db:CNNVDid:CNNVD-201710-841

Trust: 0.7

db:VULHUBid:VHN-100492

Trust: 0.1

db:VULMONid:CVE-2017-10194

Trust: 0.1

sources: VULHUB: VHN-100492 // VULMON: CVE-2017-10194 // BID: 101445 // JVNDB: JVNDB-2017-008675 // CNNVD: CNNVD-201710-841 // NVD: CVE-2017-10194

REFERENCES

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 2.2

url:http://www.securityfocus.com/bid/101445

Trust: 1.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10194

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-10194

Trust: 0.8

url:http://www.oracle.com/index.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=55628

Trust: 0.1

sources: VULHUB: VHN-100492 // VULMON: CVE-2017-10194 // BID: 101445 // JVNDB: JVNDB-2017-008675 // CNNVD: CNNVD-201710-841 // NVD: CVE-2017-10194

CREDITS

Oracle

Trust: 0.3

sources: BID: 101445

SOURCES

db:VULHUBid:VHN-100492
db:VULMONid:CVE-2017-10194
db:BIDid:101445
db:JVNDBid:JVNDB-2017-008675
db:CNNVDid:CNNVD-201710-841
db:NVDid:CVE-2017-10194

LAST UPDATE DATE

2024-08-14T15:18:36.656000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-100492date:2017-10-24T00:00:00
db:VULMONid:CVE-2017-10194date:2017-10-24T00:00:00
db:BIDid:101445date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-008675date:2017-10-26T00:00:00
db:CNNVDid:CNNVD-201710-841date:2017-10-23T00:00:00
db:NVDid:CVE-2017-10194date:2017-10-24T16:19:33.557

SOURCES RELEASE DATE

db:VULHUBid:VHN-100492date:2017-10-19T00:00:00
db:VULMONid:CVE-2017-10194date:2017-10-19T00:00:00
db:BIDid:101445date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-008675date:2017-10-26T00:00:00
db:CNNVDid:CNNVD-201710-841date:2017-10-23T00:00:00
db:NVDid:CVE-2017-10194date:2017-10-19T17:29:01.200