Vulnerability CVE-2008-4722 - CERT Civis.Net

Vulnerability Name:

CVE-2008-4722 (CCN-46023)

Assigned:

2008-10-21

Published:

2008-10-21

Updated:

2017-08-08

Summary:

Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.

CVSS v3 Severity:

4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

2.9 Low (CCN CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N)
2.1 Low (CCN Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-noinfo
CWE-287

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2008-4722

Source: CCN
Type: SA32298
Sun Integrated Lights-Out Manager Web Interface Unauthorized Access

Source: SECUNIA
Type: Vendor Advisory
32298

Source: CCN
Type: SECTRACK ID: 1021094
Sun Integrated Lights-Out Manager Bug Grants Access to Remote Users

Source: SUNALERT
Type: UNKNOWN
243486

Source: CCN
Type: Sun Alert ID: 243486
A Security Vulnerability in the Sun Integrated Lights-Out Manager (ILOM) may Allow Unauthorized Access Through the Web Interface

Source: CCN
Type: OSVDB ID: 49212
Sun Integrated Lights-Out Manager Web Interface Unspecified Access Restriction Bypass

Source: BID
Type: UNKNOWN
31861

Source: CCN
Type: BID-31861
Sun Integrated Lights-Out Manager (ILOM) Authentication Bypass Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021094

Source: VUPEN
Type: UNKNOWN
ADV-2008-2890

Source: XF
Type: UNKNOWN
ilom-webinterface-security-bypass(46023)

Source: XF
Type: UNKNOWN
ilom-webinterface-security-bypass(46023)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:integrated_lights-out_manager:*:*:*:*:*:*:*:*

AND

cpe:/h:sun:blade_6000_modular_system_with_chassis:*:*:*:*:*:*:*:* (Version <= 2.0)

OR cpe:/h:sun:blade_6048_modular_system_with_chassis:*:*:*:*:*:*:*:* (Version <= 2.0)

OR cpe:/h:sun:blade_8000_modular_system:*:*:*:*:*:*:*:* (Version <= 2.1.1)

OR cpe:/h:sun:blade_8000p_modular_system:*:*:*:*:*:*:*:* (Version <= 2.1.1)

OR cpe:/h:sun:blade_t6320_server_module:*:*:*:*:*:*:*:* (Version <= 7.1.6)

OR cpe:/h:sun:blade_x6220_with_server_module_software:*:*:*:*:*:*:*:* (Version <= 2.0)

OR cpe:/h:sun:blade_x6250_with_server_module_software:*:*:*:*:*:*:*:* (Version <= 2.0)

OR cpe:/h:sun:blade_x6450_with_server_module_software:*:*:*:*:*:*:*:* (Version <= 2.0)

OR cpe:/h:sun:blade_x8400:*:*:*:*:*:*:*:* (Version <= 2.0.2)

OR cpe:/h:sun:blade_x8420:*:*:*:*:*:*:*:* (Version <= 2.0.2)

OR cpe:/h:sun:blade_x8440:*:*:*:*:*:*:*:* (Version <= 2.0.2)

OR cpe:/h:sun:blade_x8450:*:*:*:*:*:*:*:* (Version <= 2.1)

OR cpe:/h:sun:fire_x2250_server:*:*:*:*:*:*:*:* (Version <= sw_1.1)

OR cpe:/h:sun:fire_x4100_server:*:*:*:*:*:*:*:* (Version <= sw_1.5.1)

OR cpe:/h:sun:fire_x4100m2_server:*:*:*:*:*:*:*:* (Version <= sw_2.1)

OR cpe:/h:sun:fire_x4140_server:*:*:*:*:*:*:*:* (Version <= sw_2.1)

OR cpe:/h:sun:fire_x4150_server:*:*:*:*:*:*:*:* (Version <= sw_2.0)

OR cpe:/h:sun:fire_x4200_server:*:*:*:*:*:*:*:* (Version <= sw_1.5.1)

OR cpe:/h:sun:fire_x4200m2_server:*:*:*:*:*:*:*:* (Version <= sw_2.1)

OR cpe:/h:sun:fire_x4240_server:*:*:*:*:*:*:*:* (Version <= sw_2.1)

OR cpe:/h:sun:fire_x4250_server:*:*:*:*:*:*:*:* (Version <= sw_1.1)

OR cpe:/h:sun:fire_x4440_server:*:*:*:*:*:*:*:* (Version <= sw_2.1)

OR cpe:/h:sun:fire_x4450_server:*:*:*:*:*:*:*:* (Version <= sw_2.1.0)

OR cpe:/h:sun:fire_x4500_server:*:*:*:*:*:*:*:* (Version <= sw_1.5)

OR cpe:/h:sun:fire_x4540_server:*:*:*:*:*:*:*:* (Version <= sw_1.0)

OR cpe:/h:sun:fire_x4600_server:*:*:*:*:*:*:*:* (Version <= sw_1.4)

OR cpe:/h:sun:fire_x4600m2_server:*:*:*:*:*:*:*:* (Version <= sw_2.1.2)

OR cpe:/h:sun:netra:*:7.1.6:*:*:*:*:*:* (Version <= cp3260_atca_blade_server)

OR cpe:/h:sun:netra:*:7.1.6:*:*:*:*:*:* (Version <= t5220_server)

OR cpe:/h:sun:netra:*:7.1.4a:*:*:*:*:*:* (Version <= t5440_server)

OR cpe:/h:sun:netra_x4200m2_server:*:*:*:*:*:*:*:* (Version <= sw_2.1)

OR cpe:/h:sun:netra_x4250_server:*:*:*:*:*:*:*:* (Version <= sw_1.1)

OR cpe:/h:sun:netra_x4450:*:*:*:*:*:*:*:* (Version <= sw_1.1)

OR cpe:/h:sun:sparc_enterprise_server_t5120:*:*:*:*:*:*:*:* (Version <= 7.1.6)

OR cpe:/h:sun:sparc_enterprise_server_t5140:*:*:*:*:*:*:*:* (Version <= 7.1.6)

OR cpe:/h:sun:sparc_enterprise_server_t5220:*:*:*:*:*:*:*:* (Version <= 7.1.6)

OR cpe:/h:sun:sparc_enterprise_server_t5240:*:*:*:*:*:*:*:* (Version <= 7.1.6)

OR cpe:/h:sun:sparc_enterprise_server_t5440:*:*:*:*:*:*:*:* (Version <= 7.1.5b)

Denotes that component is vulnerable