Vulnerability CVE-2008-4722


Published: 2008-10-23   Modified: 2012-02-12

Description:
Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.

Type: CWE-noinfo

Vendor: SUN
Product: Netra 
Version:
t5440_server
t5220_server
cp3260_atca_blade_server
Product: Fire x4600m2 server 
Version: sw_2.1.2;
Product: Fire x4450 server 
Version: sw_2.1.0;
Product: Fire x4440 server 
Version: sw_2.1;
Product: Fire x4200m2 server 
Version: sw_2.1;
Product: Netra x4200m2 server 
Version: sw_2.1;
Product: Fire x4140 server 
Version: sw_2.1;
Product: Fire x4240 server 
Version: sw_2.1;
Product: Fire x4100m2 server 
Version: sw_2.1;
Product: Fire x4150 server 
Version: sw_2.0;
Product: Fire x4100 server 
Version: sw_1.5.1;
Product: Fire x4200 server 
Version: sw_1.5.1;
Product: Fire x4500 server 
Version: sw_1.5;
Product: Fire x4600 server 
Version: sw_1.4;
Product: Netra x4250 server 
Version: sw_1.1;
Product: Fire x4250 server 
Version: sw_1.1;
Product: Netra x4450 
Version: sw_1.1;
Product: Fire x2250 server 
Version: sw_1.1;
Product: Fire x4540 server 
Version: sw_1.0;
Product: Blade t6320 server module 
Version: 7.1.6;
Product: Sparc enterprise server t5240 
Version: 7.1.6;
Product: Sparc enterprise server t5120 
Version: 7.1.6;
Product: Sparc enterprise server t5220 
Version: 7.1.6;
Product: Sparc enterprise server t5140 
Version: 7.1.6;
Product: Sparc enterprise server t5440 
Version: 7.1.5b;
Product: Blade 8000p modular system 
Version: 2.1.1;
Product: Blade 8000 modular system 
Version: 2.1.1;
Product: Blade x8450 
Version: 2.1;
Product: Blade x8400 
Version: 2.0.2;
Product: Blade x8440 
Version: 2.0.2;
Product: Blade x8420 
Version: 2.0.2;
Product: Blade x6250 with server module software 
Version: 2.0;
Product: Blade 6048 modular system with chassis 
Version: 2.0;
Product: Blade x6220 with server module software 
Version: 2.0;
Product: Blade 6000 modular system with chassis 
Version: 2.0;
Product: Blade x6450 with server module software 
Version: 2.0;
Product: Integrated lights-out manager 

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://xforce.iss.net/xforce/xfdb/46023
http://www.vupen.com/english/advisories/2008/2890
http://www.securitytracker.com/id?1021094
http://www.securityfocus.com/bid/31861
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243486-1
http://secunia.com/advisories/32298

Related CVE
CVE-2015-2808
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial ...
CVE-2015-0430
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.
CVE-2015-0429
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.
CVE-2015-0428
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control.
CVE-2015-0397
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600.
CVE-2015-0378
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc.
CVE-2015-0375
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.
CVE-2014-6600
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397.

Copyright 2019, cxsecurity.com

 
