Vulnerability CVE-2012-1683

Vulnerability Name:

CVE-2012-1683 (CCN-75009)

Assigned:

2012-04-17

Published:

2012-04-17

Updated:

2017-12-07

Summary:

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd.

CVSS v3 Severity:

7.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

5.9 Medium (CVSS v2 Vector: AV:L/AC:H/Au:M/C:C/I:C/A:C)
4.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:M/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): Multiple_Instances
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

5.9 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:M/C:C/I:C/A:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:M/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Multiple_Instances
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete