Security restrictions bypass in ILOM - CVE-2016-5448
Published: July 21, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU190
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-5448
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
ILOM
Detailed vulnerability description
The vulnerability allows a remote attacker to modify data and cause partial denial of service.
The vulnerability exists in the ILOM SNMP component. A remote authenticated attacker can exploit a flaw in this component to partially modify data and cause partial denial of service conditions.
Successful exploitation of this vulnerability may result in modification of system information and partial denial of service conditions.
How to mitigate CVE-2016-5448
The vendor has issued a fix as part of the July 2016 Oracle Critical Patch Update.