Details of VAR-201801-1202

ID

VAR-201801-1202

CVE

CVE-2018-2566

TITLE

Oracle Sun Systems Products Suite of Integrated Lights Out Manager In Remote Console Application Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001414

DESCRIPTION

Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized access to critical data or complete access to all Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N). The vulnerability can be exploited over the 'TLS' protocol

Trust: 2.07

sources: NVD: CVE-2018-2566 // JVNDB: JVNDB-2018-001414 // BID: 102603 // VULHUB: VHN-132597 // VULMON: CVE-2018-2566

AFFECTED PRODUCTS

vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.14	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.9	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.4	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.16	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.0	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.3	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.6	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.8	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.10	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.12	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.5	Trust: 1.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.4	Trust: 1.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.6	Trust: 1.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.9	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.7	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.8	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.x	Trust: 0.8
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	4.x	Trust: 0.8
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	4.0	Trust: 0.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0	Trust: 0.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2	Trust: 0.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.1	Trust: 0.3

sources: BID: 102603 // JVNDB: JVNDB-2018-001414 // CNNVD: CNNVD-201801-786 // NVD: CVE-2018-2566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-2566
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-2566
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201801-786
value:	HIGH
Trust: 0.6
VULHUB:	VHN-132597
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-2566
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-2566
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-132597
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-2566
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.3
impactScore:	5.8
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-132597 // VULMON: CVE-2018-2566 // JVNDB: JVNDB-2018-001414 // CNNVD: CNNVD-201801-786 // NVD: CVE-2018-2566

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-132597 // JVNDB: JVNDB-2018-001414 // NVD: CVE-2018-2566

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-786

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201801-786

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001414

PATCH

title:	Oracle Critical Patch Update Advisory - January 2018	url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - January 2018 Risk Matrices	url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018verbose-3236630.html	Trust: 0.8
title:	Oracle Sun Systems Products Suite Integrated Lights Out Manager Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77964	Trust: 0.6
title:	Oracle: Oracle Critical Patch Update Advisory - January 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d	Trust: 0.1

sources: VULMON: CVE-2018-2566 // JVNDB: JVNDB-2018-001414 // CNNVD: CNNVD-201801-786

EXTERNAL IDS

db:	NVD	id:	CVE-2018-2566	Trust: 2.9
db:	BID	id:	102603	Trust: 2.1
db:	SECTRACK	id:	1040205	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-001414	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-786	Trust: 0.7
db:	VULHUB	id:	VHN-132597	Trust: 0.1
db:	VULMON	id:	CVE-2018-2566	Trust: 0.1

sources: VULHUB: VHN-132597 // VULMON: CVE-2018-2566 // BID: 102603 // JVNDB: JVNDB-2018-001414 // CNNVD: CNNVD-201801-786 // NVD: CVE-2018-2566

REFERENCES

url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 2.2
url:	http://www.securityfocus.com/bid/102603	Trust: 1.9
url:	http://www.securitytracker.com/id/1040205	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-2566	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-2566	Trust: 0.8
url:	http://www.oracle.com/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=56479	Trust: 0.1

sources: VULHUB: VHN-132597 // VULMON: CVE-2018-2566 // BID: 102603 // JVNDB: JVNDB-2018-001414 // CNNVD: CNNVD-201801-786 // NVD: CVE-2018-2566

CREDITS

Oracle

Trust: 0.3

sources: BID: 102603

SOURCES

db:	VULHUB	id:	VHN-132597
db:	VULMON	id:	CVE-2018-2566
db:	BID	id:	102603
db:	JVNDB	id:	JVNDB-2018-001414
db:	CNNVD	id:	CNNVD-201801-786
db:	NVD	id:	CVE-2018-2566

LAST UPDATE DATE

2024-11-23T22:48:51.594000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-132597	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2018-2566	date:	2019-10-03T00:00:00
db:	BID	id:	102603	date:	2018-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-001414	date:	2018-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201801-786	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-2566	date:	2024-11-21T04:03:56.883

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-132597	date:	2018-01-18T00:00:00
db:	VULMON	id:	CVE-2018-2566	date:	2018-01-18T00:00:00
db:	BID	id:	102603	date:	2018-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-001414	date:	2018-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201801-786	date:	2018-01-19T00:00:00
db:	NVD	id:	CVE-2018-2566	date:	2018-01-18T02:29:17.633