Details of VAR-201801-1229

ID

VAR-201801-1229

CVE

CVE-2018-2568

TITLE

Oracle Sun Systems Products Suite of Integrated Lights Out Manager In Remote Console Application Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-001415

DESCRIPTION

Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Integrated Lights Out Manager (ILOM) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). The vulnerability can be exploited over the 'TLS' protocol. Attackers can take advantage of this vulnerability to read, update, insert or delete data without authorization, causing denial of service and affecting data confidentiality, availability and integrity

Trust: 2.07

sources: NVD: CVE-2018-2568 // JVNDB: JVNDB-2018-001415 // BID: 102606 // VULHUB: VHN-132599 // VULMON: CVE-2018-2568

AFFECTED PRODUCTS

vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.14	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.9	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.4	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.16	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.0	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.3	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.6	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.8	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.10	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0.12	Trust: 1.6
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.5	Trust: 1.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.4	Trust: 1.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.6	Trust: 1.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.8	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.9	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.7	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.x	Trust: 0.8
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	4.x	Trust: 0.8
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	4.0	Trust: 0.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0	Trust: 0.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2	Trust: 0.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.1	Trust: 0.3

sources: BID: 102606 // JVNDB: JVNDB-2018-001415 // CNNVD: CNNVD-201801-784 // NVD: CVE-2018-2568

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-2568
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-2568
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201801-784
value:	HIGH
Trust: 0.6
VULHUB:	VHN-132599
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-2568
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-2568
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-132599
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-2568
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-132599 // VULMON: CVE-2018-2568 // JVNDB: JVNDB-2018-001415 // CNNVD: CNNVD-201801-784 // NVD: CVE-2018-2568

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-132599 // JVNDB: JVNDB-2018-001415 // NVD: CVE-2018-2568

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-784

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201801-784

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001415

PATCH

title:	Oracle Critical Patch Update Advisory - January 2018	url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - January 2018 Risk Matrices	url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018verbose-3236630.html	Trust: 0.8
title:	Oracle Sun Systems Products Suite Integrated Lights Out Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77962	Trust: 0.6
title:	Oracle: Oracle Critical Patch Update Advisory - January 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d	Trust: 0.1

sources: VULMON: CVE-2018-2568 // JVNDB: JVNDB-2018-001415 // CNNVD: CNNVD-201801-784

EXTERNAL IDS

db:	NVD	id:	CVE-2018-2568	Trust: 2.9
db:	BID	id:	102606	Trust: 2.1
db:	SECTRACK	id:	1040205	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-001415	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-784	Trust: 0.7
db:	VULHUB	id:	VHN-132599	Trust: 0.1
db:	VULMON	id:	CVE-2018-2568	Trust: 0.1

sources: VULHUB: VHN-132599 // VULMON: CVE-2018-2568 // BID: 102606 // JVNDB: JVNDB-2018-001415 // CNNVD: CNNVD-201801-784 // NVD: CVE-2018-2568

REFERENCES

url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 2.2
url:	http://www.securityfocus.com/bid/102606	Trust: 1.9
url:	http://www.securitytracker.com/id/1040205	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-2568	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-2568	Trust: 0.8
url:	http://www.oracle.com/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=56479	Trust: 0.1

sources: VULHUB: VHN-132599 // VULMON: CVE-2018-2568 // BID: 102606 // JVNDB: JVNDB-2018-001415 // CNNVD: CNNVD-201801-784 // NVD: CVE-2018-2568

CREDITS

Oracle

Trust: 0.3

sources: BID: 102606

SOURCES

db:	VULHUB	id:	VHN-132599
db:	VULMON	id:	CVE-2018-2568
db:	BID	id:	102606
db:	JVNDB	id:	JVNDB-2018-001415
db:	CNNVD	id:	CNNVD-201801-784
db:	NVD	id:	CVE-2018-2568

LAST UPDATE DATE

2024-08-14T15:23:36.069000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-132599	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2018-2568	date:	2019-10-03T00:00:00
db:	BID	id:	102606	date:	2018-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-001415	date:	2018-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201801-784	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-2568	date:	2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-132599	date:	2018-01-18T00:00:00
db:	VULMON	id:	CVE-2018-2568	date:	2018-01-18T00:00:00
db:	BID	id:	102606	date:	2018-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-001415	date:	2018-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201801-784	date:	2018-01-19T00:00:00
db:	NVD	id:	CVE-2018-2568	date:	2018-01-18T02:29:17.727