cve-2018-2930
Vulnerability from cvelistv5
Published
2018-07-18 13:00
Modified
2024-10-02 20:17
Severity ?
EPSS score ?
Summary
Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | Patch, Vendor Advisory | |
| secalert_us@oracle.com | http://www.securityfocus.com/bid/104777 | Third Party Advisory, VDB Entry | |
| secalert_us@oracle.com | http://www.securitytracker.com/id/1041303 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104777 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041303 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Solaris Cluster |
Version: 3.3 Version: 4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:36:38.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041303",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041303"
},
{
"name": "104777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104777"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-2930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T18:19:03.812271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T20:17:40.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solaris Cluster",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"status": "affected",
"version": "4.3"
}
]
}
],
"datePublic": "2018-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041303",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041303"
},
{
"name": "104777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Cluster",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.3"
},
{
"version_affected": "=",
"version_value": "4.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041303",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041303"
},
{
"name": "104777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2018-2930",
"datePublished": "2018-07-18T13:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-10-02T20:17:40.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-2930\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2018-07-18T13:29:02.023\",\"lastModified\":\"2024-11-21T04:04:46.597\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el componente Solaris Cluster de Oracle Sun Systems Products Suite (subcomponente: NAS device addition). Las versiones soportadas que se han visto afectadas son la 3.3 y la 4.3. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por RPC comprometa la seguridad de Solaris Cluster. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Solaris Cluster. CVSS 3.0 Base Score 9.8 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:solaris_cluster:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5FFE725-7FE0-4236-82D1-3025EFCD0190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:solaris_cluster:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39081BA5-E70C-4ACB-B98C-E264AAEFD6C4\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104777\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041303\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104777\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1041303\", \"name\": \"1041303\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/104777\", \"name\": \"104777\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T04:36:38.739Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-2930\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-02T18:19:03.812271Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-02T18:19:29.021Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Solaris Cluster\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.3\"}, {\"status\": \"affected\", \"version\": \"4.3\"}]}], \"datePublic\": \"2018-03-27T00:00:00\", \"references\": [{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securitytracker.com/id/1041303\", \"name\": \"1041303\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.securityfocus.com/bid/104777\", \"name\": \"104777\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2018-07-27T09:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"3.3\", \"version_affected\": \"=\"}, {\"version_value\": \"4.3\", \"version_affected\": \"=\"}]}, \"product_name\": \"Solaris Cluster\"}]}, \"vendor_name\": \"Oracle Corporation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"name\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securitytracker.com/id/1041303\", \"name\": \"1041303\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://www.securityfocus.com/bid/104777\", \"name\": \"104777\", \"refsource\": \"BID\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster.\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-2930\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert_us@oracle.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2018-2930\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-02T20:17:40.940Z\", \"dateReserved\": \"2017-12-15T00:00:00\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2018-07-18T13:00:00\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.