Sign-up

ID

VAR-201710-0749


CVE

CVE-2017-10194


TITLE

Oracle Sun Systems Products Suite of Oracle Integrated Lights Out Manager In System Management Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-008675

DESCRIPTION

Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). The vulnerability can be exploited over the 'HTTP' protocol. Attackers can take advantage of this vulnerability to read data without authorization, affecting the confidentiality of data

Trust: 2.07

sources: NVD: CVE-2017-10194 // JVNDB: JVNDB-2017-008675 // BID: 101445 // VULHUB: VHN-100492 // VULMON: CVE-2017-10194

AFFECTED PRODUCTS

vendor:oraclemodel:integrated lights out managerscope:lteversion:3.2.5

Trust: 1.0

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2.5

Trust: 0.9

vendor:oraclemodel:integrated lights out managerscope:ltversion:3.2.6

Trust: 0.8

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2.4

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2.3

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.1

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.0

Trust: 0.3

sources: BID: 101445 // JVNDB: JVNDB-2017-008675 // CNNVD: CNNVD-201710-841 // NVD: CVE-2017-10194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10194
value: LOW

Trust: 1.0

NVD: CVE-2017-10194
value: LOW

Trust: 0.8

CNNVD: CNNVD-201710-841
value: MEDIUM

Trust: 0.6

VULHUB: VHN-100492
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-10194
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10194
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-100492
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10194
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-100492 // VULMON: CVE-2017-10194 // JVNDB: JVNDB-2017-008675 // CNNVD: CNNVD-201710-841 // NVD: CVE-2017-10194

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-100492 // JVNDB: JVNDB-2017-008675 // NVD: CVE-2017-10194

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-841

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201710-841

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008675

PATCH
title:Oracle Critical Patch Update Advisory - October 2017url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - October 2017 Risk Matricesurl:http://www.oracle.com/technetwork/security-advisory/cpuoct2017verbose-3236627.html
Trust: 0.8
title:Oracle Sun Systems Products Suite Oracle Integrated Lights Out Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75825
Trust: 0.6
title:Oracle: Oracle Critical Patch Update Advisory - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-10194 // 
            
            
            
            JVNDB: JVNDB-2017-008675 // 
            
            
            
            CNNVD: CNNVD-201710-841

EXTERNAL IDS
db:NVDid:CVE-2017-10194
Trust: 2.9
db:BIDid:101445
Trust: 1.5
db:JVNDBid:JVNDB-2017-008675
Trust: 0.8
db:CNNVDid:CNNVD-201710-841
Trust: 0.7
db:VULHUBid:VHN-100492
Trust: 0.1
db:VULMONid:CVE-2017-10194
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100492 // 
            
            
            
            VULMON: CVE-2017-10194 // 
            
            
            
            BID: 101445 // 
            
            
            
            JVNDB: JVNDB-2017-008675 // 
            
            
            
            CNNVD: CNNVD-201710-841 // 
            
            
            
            NVD: CVE-2017-10194

REFERENCES
url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Trust: 2.2
url:http://www.securityfocus.com/bid/101445
Trust: 1.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10194
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10194
Trust: 0.8
url:http://www.oracle.com/index.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=55628
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100492 // 
            
            
            
            VULMON: CVE-2017-10194 // 
            
            
            
            BID: 101445 // 
            
            
            
            JVNDB: JVNDB-2017-008675 // 
            
            
            
            CNNVD: CNNVD-201710-841 // 
            
            
            
            NVD: CVE-2017-10194

CREDITS
Oracle
Trust: 0.3
sources:
            
            
            BID: 101445

SOURCES
db:VULHUBid:VHN-100492
db:VULMONid:CVE-2017-10194
db:BIDid:101445
db:JVNDBid:JVNDB-2017-008675
db:CNNVDid:CNNVD-201710-841
db:NVDid:CVE-2017-10194

LAST UPDATE DATE
2024-08-14T15:18:36.656000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-100492date:2017-10-24T00:00:00
db:VULMONid:CVE-2017-10194date:2017-10-24T00:00:00
db:BIDid:101445date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-008675date:2017-10-26T00:00:00
db:CNNVDid:CNNVD-201710-841date:2017-10-23T00:00:00
db:NVDid:CVE-2017-10194date:2017-10-24T16:19:33.557

SOURCES RELEASE DATE
db:VULHUBid:VHN-100492date:2017-10-19T00:00:00
db:VULMONid:CVE-2017-10194date:2017-10-19T00:00:00
db:BIDid:101445date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-008675date:2017-10-26T00:00:00
db:CNNVDid:CNNVD-201710-841date:2017-10-23T00:00:00
db:NVDid:CVE-2017-10194date:2017-10-19T17:29:01.200