ID

VAR-201710-0776


CVE

CVE-2017-10265


TITLE

Oracle Sun Systems Products Suite of Oracle Integrated Lights Out Manager In System Management Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-008677

DESCRIPTION

Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is prior to 3.2.6. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Oracle Integrated Lights Out Manager (ILOM) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). The vulnerability can be exploited over the 'HTTP' protocol. Attackers can take advantage of this vulnerability to read, update, insert or delete data without authorization, causing denial of service and affecting data confidentiality, availability and integrity.

Trust: 2.07

sources: NVD: CVE-2017-10265 // JVNDB: JVNDB-2017-008677 // BID: 101431 // VULHUB: VHN-100570 // VULMON: CVE-2017-10265

AFFECTED PRODUCTS

vendor: oracle, model: integrated lights out manager, scope: lte, version: 3.2.5

Trust: 1.0

vendor: oracle, model: integrated lights out manager, scope: eq, version: 3.2.5

Trust: 0.9

vendor: oracle, model: integrated lights out manager, scope: lt, version: 3.2.6

Trust: 0.8

vendor: oracle, model: integrated lights out manager, scope: eq, version: 3.2.4

Trust: 0.3

vendor: oracle, model: integrated lights out manager, scope: eq, version: 3.2.3

Trust: 0.3

vendor: oracle, model: integrated lights out manager, scope: eq, version: 3.2

Trust: 0.3

vendor: oracle, model: integrated lights out manager, scope: eq, version: 3.1

Trust: 0.3

vendor: oracle, model: integrated lights out manager, scope: eq, version: 3.0

Trust: 0.3

sources: BID: 101431 // JVNDB: JVNDB-2017-008677 // CNNVD: CNNVD-201710-832 // NVD: CVE-2017-10265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10265
value: HIGH

Trust: 1.0

NVD: CVE-2017-10265
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-832
value: HIGH

Trust: 0.6

VULHUB: VHN-100570
value: HIGH

Trust: 0.1

VULMON: CVE-2017-10265
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-10265
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-100570
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10265
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-100570 // VULMON: CVE-2017-10265 // JVNDB: JVNDB-2017-008677 // CNNVD: CNNVD-201710-832 // NVD: CVE-2017-10265

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-100570 // JVNDB: JVNDB-2017-008677 // NVD: CVE-2017-10265

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-832

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201710-832

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008677

PATCH

title: Oracle Critical Patch Update Advisory - October 2017, url: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 0.8

title: Text Form of Oracle Critical Patch Update - October 2017 Risk Matrices, url: http://www.oracle.com/technetwork/security-advisory/cpuoct2017verbose-3236627.html

Trust: 0.8

title: Oracle Sun Systems Products Suite Oracle Integrated Lights Out Manager Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75816

Trust: 0.6

title: Oracle: Oracle Critical Patch Update Advisory - October 2017, url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a

Trust: 0.1

sources: VULMON: CVE-2017-10265 // JVNDB: JVNDB-2017-008677 // CNNVD: CNNVD-201710-832

EXTERNAL IDS

db: NVD, id: CVE-2017-10265

Trust: 2.9

db: BID, id: 101431

Trust: 2.1

db: JVNDB, id: JVNDB-2017-008677

Trust: 0.8

db: CNNVD, id: CNNVD-201710-832

Trust: 0.7

db: VULHUB, id: VHN-100570

Trust: 0.1

db: VULMON, id: CVE-2017-10265

Trust: 0.1

sources: VULHUB: VHN-100570 // VULMON: CVE-2017-10265 // BID: 101431 // JVNDB: JVNDB-2017-008677 // CNNVD: CNNVD-201710-832 // NVD: CVE-2017-10265

REFERENCES

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 2.2

url:http://www.securityfocus.com/bid/101431

Trust: 1.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10265

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-10265

Trust: 0.8

url:http://www.oracle.com/index.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=55628

Trust: 0.1

sources: VULHUB: VHN-100570 // VULMON: CVE-2017-10265 // BID: 101431 // JVNDB: JVNDB-2017-008677 // CNNVD: CNNVD-201710-832 // NVD: CVE-2017-10265

CREDITS

Oracle

Trust: 0.3

sources: BID: 101431

SOURCES

db: VULHUB, id: VHN-100570
db: VULMON, id: CVE-2017-10265
db: BID, id: 101431
db: JVNDB, id: JVNDB-2017-008677
db: CNNVD, id: CNNVD-201710-832
db: NVD, id: CVE-2017-10265

LAST UPDATE DATE

2024-11-23T22:42:03.079000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-100570, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2017-10265, date: 2019-10-03T00:00:00
db: BID, id: 101431, date: 2017-10-17T00:00:00
db: JVNDB, id: JVNDB-2017-008677, date: 2017-10-26T00:00:00
db: CNNVD, id: CNNVD-201710-832, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-10265, date: 2024-11-21T03:05:46.780

SOURCES RELEASE DATE

db: VULHUB, id: VHN-100570, date: 2017-10-19T00:00:00
db: VULMON, id: CVE-2017-10265, date: 2017-10-19T00:00:00
db: BID, id: 101431, date: 2017-10-17T00:00:00
db: JVNDB, id: JVNDB-2017-008677, date: 2017-10-26T00:00:00
db: CNNVD, id: CNNVD-201710-832, date: 2017-10-23T00:00:00
db: NVD, id: CVE-2017-10265, date: 2017-10-19T17:29:01.593