CVE-2018-3270 - Vulnerability Details - OpenCVE

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L).

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0019.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Oracle	Solaris

Configuration 1 [-]

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/105605
http://www.securitytracker.com/id/1041895

History

Wed, 02 Oct 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2018-10-17T01:00:00

Updated: 2024-10-02T19:27:43.561Z

Reserved: 2017-12-15T00:00:00

Link: CVE-2018-3270

Vulnrichment

Updated: 2024-08-05T04:43:35.136Z

NVD

Status : Modified

Published: 2018-10-17T01:31:28.197

Modified: 2024-11-21T04:05:34.577

Link: CVE-2018-3270

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Solaris Operating System", "vendor": "Oracle Corporation", "versions": [{"status": "affected", "version": "11.3"}]}], "datePublic": "2018-10-16T00:00:00", "descriptions": [{"lang": "en", "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)."}], "problemTypes": [{"descriptions": [{"description": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T09:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "1041895", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041895"}, {"name": "105605", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105605"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2018-3270", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Solaris Operating System", "version": {"version_data": [{"version_affected": "=", "version_value": "11.3"}]}}]}, "vendor_name": "Oracle Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris."}]}]}, "references": {"reference_data": [{"name": "1041895", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041895"}, {"name": "105605", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105605"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:43:35.136Z"}, "title": "CVE Program Container", "references": [{"name": "1041895", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041895"}, {"name": "105605", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105605"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T18:05:40.372935Z", "id": "CVE-2018-3270", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T19:27:43.561Z"}}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2018-3270", "datePublished": "2018-10-17T01:00:00", "dateReserved": "2017-12-15T00:00:00", "dateUpdated": "2024-10-02T19:27:43.561Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "Solaris Operating System", "vendor": "Oracle Corporation", "versions": [{"status": "affected", "version": "11.3"}]}], "datePublic": "2018-10-16T00:00:00", "descriptions": [{"lang": "en", "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)."}], "problemTypes": [{"descriptions": [{"description": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T09:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "1041895", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041895"}, {"name": "105605", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105605"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2018-3270", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Solaris Operating System", "version": {"version_data": [{"version_affected": "=", "version_value": "11.3"}]}}]}, "vendor_name": "Oracle Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris."}]}]}, "references": {"reference_data": [{"name": "1041895", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041895"}, {"name": "105605", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105605"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:43:35.136Z"}, "title": "CVE Program Container", "references": [{"name": "1041895", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041895"}, {"name": "105605", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105605"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-3270", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T18:05:40.372935Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T18:06:15.735Z"}}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2018-3270", "datePublished": "2018-10-17T01:00:00", "dateReserved": "2017-12-15T00:00:00", "dateUpdated": "2024-10-02T19:27:43.561Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)."}, {"lang": "es", "value": "Vulnerabilidad en el componente Solaris de Oracle Sun Systems Products Suite (subcomponente: Kernel). La versi\u00f3n compatible afectada es la 11.3. Esta vulnerabilidad dif\u00edcilmente explotable permite que un atacante con muchos privilegios con inicio de sesi\u00f3n en la infraestructura en la que se ejecuta Solaris comprometa la seguridad de Solaris. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) no autorizada de Solaris. CVSS 3.0 Base Score 1.8 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)."}], "id": "CVE-2018-3270", "lastModified": "2024-11-21T04:05:34.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 1.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 0.3, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-17T01:31:28.197", "references": [{"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105605"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041895"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105605"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041895"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}