Sign-up

ID

VAR-201710-0772


CVE

CVE-2017-10260


TITLE

Oracle Sun Systems Products Suite of Oracle Integrated Lights Out Manager In System Management Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-008676

DESCRIPTION

Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The vulnerability can be exploited over the 'HTTP' protocol. Attackers can exploit this vulnerability to cause denial of service (component hang and frequent crashes), affecting data availability

Trust: 2.07

sources: NVD: CVE-2017-10260 // JVNDB: JVNDB-2017-008676 // BID: 101426 // VULHUB: VHN-100565 // VULMON: CVE-2017-10260

AFFECTED PRODUCTS

vendor:oraclemodel:integrated lights out managerscope:lteversion:3.2.5

Trust: 1.0

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2.5

Trust: 0.9

vendor:oraclemodel:integrated lights out managerscope:ltversion:3.2.6

Trust: 0.8

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2.4

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2.3

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.1

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.0

Trust: 0.3

sources: BID: 101426 // JVNDB: JVNDB-2017-008676 // CNNVD: CNNVD-201710-836 // NVD: CVE-2017-10260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10260
value: HIGH

Trust: 1.0

NVD: CVE-2017-10260
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-836
value: HIGH

Trust: 0.6

VULHUB: VHN-100565
value: HIGH

Trust: 0.1

VULMON: CVE-2017-10260
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-10260
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-100565
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10260
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-100565 // VULMON: CVE-2017-10260 // JVNDB: JVNDB-2017-008676 // CNNVD: CNNVD-201710-836 // NVD: CVE-2017-10260

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2017-10260

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-836

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201710-836

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008676

PATCH
title:Oracle Critical Patch Update Advisory - October 2017url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - October 2017 Risk Matricesurl:http://www.oracle.com/technetwork/security-advisory/cpuoct2017verbose-3236627.html
Trust: 0.8
title:Oracle Sun Systems Products Suite Oracle Integrated Lights Out Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75820
Trust: 0.6
title:Oracle: Oracle Critical Patch Update Advisory - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-10260 // 
            
            
            
            JVNDB: JVNDB-2017-008676 // 
            
            
            
            CNNVD: CNNVD-201710-836

EXTERNAL IDS
db:NVDid:CVE-2017-10260
Trust: 2.9
db:BIDid:101426
Trust: 1.5
db:JVNDBid:JVNDB-2017-008676
Trust: 0.8
db:CNNVDid:CNNVD-201710-836
Trust: 0.7
db:VULHUBid:VHN-100565
Trust: 0.1
db:VULMONid:CVE-2017-10260
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100565 // 
            
            
            
            VULMON: CVE-2017-10260 // 
            
            
            
            BID: 101426 // 
            
            
            
            JVNDB: JVNDB-2017-008676 // 
            
            
            
            CNNVD: CNNVD-201710-836 // 
            
            
            
            NVD: CVE-2017-10260

REFERENCES
url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Trust: 2.2
url:http://www.securityfocus.com/bid/101426
Trust: 1.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10260
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10260
Trust: 0.8
url:http://www.oracle.com/index.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=55628
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100565 // 
            
            
            
            VULMON: CVE-2017-10260 // 
            
            
            
            BID: 101426 // 
            
            
            
            JVNDB: JVNDB-2017-008676 // 
            
            
            
            CNNVD: CNNVD-201710-836 // 
            
            
            
            NVD: CVE-2017-10260

CREDITS
Oracle
Trust: 0.3
sources:
            
            
            BID: 101426

SOURCES
db:VULHUBid:VHN-100565
db:VULMONid:CVE-2017-10260
db:BIDid:101426
db:JVNDBid:JVNDB-2017-008676
db:CNNVDid:CNNVD-201710-836
db:NVDid:CVE-2017-10260

LAST UPDATE DATE
2024-11-23T22:52:21.064000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-100565date:2017-10-24T00:00:00
db:VULMONid:CVE-2017-10260date:2017-10-24T00:00:00
db:BIDid:101426date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-008676date:2017-10-26T00:00:00
db:CNNVDid:CNNVD-201710-836date:2017-10-23T00:00:00
db:NVDid:CVE-2017-10260date:2024-11-21T03:05:46.007

SOURCES RELEASE DATE
db:VULHUBid:VHN-100565date:2017-10-19T00:00:00
db:VULMONid:CVE-2017-10260date:2017-10-19T00:00:00
db:BIDid:101426date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-008676date:2017-10-26T00:00:00
db:CNNVDid:CNNVD-201710-836date:2017-10-23T00:00:00
db:NVDid:CVE-2017-10260date:2017-10-19T17:29:01.373