Sign-up

ID

VAR-201710-0748


CVE

CVE-2017-10099


TITLE

Oracle Sun Systems Products Suite Multiple of SPARC based Servers In product Firmware Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-008842

DESCRIPTION

Vulnerability in the SPARC M7, T7, S7 based Servers component of Oracle Sun Systems Products Suite (subcomponent: Firmware). The supported version that is affected is Prior to 9.7.6.b. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where SPARC M7, T7, S7 based Servers executes to compromise SPARC M7, T7, S7 based Servers. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of SPARC M7, T7, S7 based Servers. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. Attackers can exploit this vulnerability to cause denial of service (component hang and frequent crashes), affecting data availability

Trust: 2.07

sources: NVD: CVE-2017-10099 // JVNDB: JVNDB-2017-008842 // BID: 101442 // VULHUB: VHN-100387 // VULMON: CVE-2017-10099

AFFECTED PRODUCTS

vendor:oraclemodel:sparc-sun systemscope:lteversion:9.7.5.e

Trust: 1.0

vendor:oraclemodel:sun systems products suitescope:ltversion:of sparc m7 based servers 9.7.6.b

Trust: 0.8

vendor:oraclemodel:sun systems products suitescope:ltversion:of sparc s7 based servers 9.7.6.b

Trust: 0.8

vendor:oraclemodel:sun systems products suitescope:ltversion:of sparc t7 based servers 9.7.6.b

Trust: 0.8

vendor:oraclemodel:sparc-sun systemscope:eqversion:9.7.5.e

Trust: 0.6

vendor:oraclemodel:sparc t7 serverscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:sparc s7 serverscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:sparc m7 serverscope:eqversion:0

Trust: 0.3

sources: BID: 101442 // JVNDB: JVNDB-2017-008842 // CNNVD: CNNVD-201710-856 // NVD: CVE-2017-10099

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10099
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-10099
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201710-856
value: MEDIUM

Trust: 0.6

VULHUB: VHN-100387
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-10099
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10099
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-100387
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10099
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-100387 // VULMON: CVE-2017-10099 // JVNDB: JVNDB-2017-008842 // CNNVD: CNNVD-201710-856 // NVD: CVE-2017-10099

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-100387 // JVNDB: JVNDB-2017-008842 // NVD: CVE-2017-10099

THREAT TYPE

local

Trust: 0.9

sources: BID: 101442 // CNNVD: CNNVD-201710-856

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201710-856

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008842

PATCH
title:Oracle Critical Patch Update Advisory - October 2017url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - October 2017 Risk Matricesurl:http://www.oracle.com/technetwork/security-advisory/cpuoct2017verbose-3236627.html
Trust: 0.8
title:Oracle Sun Systems Products Suite SPARC M7 , T7  and S7 based Servers Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75840
Trust: 0.6
title:Oracle: Oracle Critical Patch Update Advisory - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-10099 // 
            
            
            
            JVNDB: JVNDB-2017-008842 // 
            
            
            
            CNNVD: CNNVD-201710-856

EXTERNAL IDS
db:NVDid:CVE-2017-10099
Trust: 2.9
db:BIDid:101442
Trust: 2.1
db:JVNDBid:JVNDB-2017-008842
Trust: 0.8
db:CNNVDid:CNNVD-201710-856
Trust: 0.7
db:VULHUBid:VHN-100387
Trust: 0.1
db:VULMONid:CVE-2017-10099
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100387 // 
            
            
            
            VULMON: CVE-2017-10099 // 
            
            
            
            BID: 101442 // 
            
            
            
            JVNDB: JVNDB-2017-008842 // 
            
            
            
            CNNVD: CNNVD-201710-856 // 
            
            
            
            NVD: CVE-2017-10099

REFERENCES
url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Trust: 2.2
url:http://www.securityfocus.com/bid/101442
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10099
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10099
Trust: 0.8
url:http://www.oracle.com/index.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=55628
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100387 // 
            
            
            
            VULMON: CVE-2017-10099 // 
            
            
            
            BID: 101442 // 
            
            
            
            JVNDB: JVNDB-2017-008842 // 
            
            
            
            CNNVD: CNNVD-201710-856 // 
            
            
            
            NVD: CVE-2017-10099

CREDITS
Oracle
Trust: 0.3
sources:
            
            
            BID: 101442

SOURCES
db:VULHUBid:VHN-100387
db:VULMONid:CVE-2017-10099
db:BIDid:101442
db:JVNDBid:JVNDB-2017-008842
db:CNNVDid:CNNVD-201710-856
db:NVDid:CVE-2017-10099

LAST UPDATE DATE
2025-04-20T23:42:55.882000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-100387date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-10099date:2019-10-03T00:00:00
db:BIDid:101442date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-008842date:2017-10-30T00:00:00
db:CNNVDid:CNNVD-201710-856date:2019-10-23T00:00:00
db:NVDid:CVE-2017-10099date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-100387date:2017-10-19T00:00:00
db:VULMONid:CVE-2017-10099date:2017-10-19T00:00:00
db:BIDid:101442date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-008842date:2017-10-30T00:00:00
db:CNNVDid:CNNVD-201710-856date:2017-10-24T00:00:00
db:NVDid:CVE-2017-10099date:2017-10-19T17:29:00.687